BLACKBULL NBFC

Trust, Security & Privacy

How we protect access, data, and documents on the BLACKBULL platform. This page describes the controls we operate; it is not an independent certification.

Access Control

Access is gated by a platform passcode that is validated server-side. The passcode itself is never sent to the browser; only a short-lived HMAC-signed access token is stored locally and attached to privileged requests.

Repeated failed attempts are rate-limited at the server.

Transport & Headers

All traffic is served over HTTPS with HSTS. Responses set strict Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin isolation headers.

Data, Roles & Audit

User and document data is held in our managed backend with row-level security policies scoped to authenticated users and explicit role checks. Administrative actions are logged.

Document generation, uploads, downloads, and reviews are tracked in role-scoped activity records.

AI Use

AI-assisted drafting calls are routed server-side, gated by the platform access token, and rate-limited per IP. The system prompt and model are fixed server-side; clients cannot override them. AI output is informational and must be reviewed by a qualified professional before legal or regulatory filing.

Reporting a Security Issue

If you believe you have found a security or privacy issue, please contact the BLACKBULL compliance desk through the official contact channel. Do not include sensitive personal data in initial reports.

BLACKBULL is not responsible for unauthorised use. Information on this site is for reference only — verify with your attorney or compliance officer before acting on it.