ISO/IEC 27001 certified
BoardiGO runs on a certified information security management system. We do not hold SOC, HIPAA, FedRAMP or HDS attestations, and we will tell you that plainly rather than imply parity.
Trust
BoardiGO runs on an ISO 27001 certified security system.
It is designed so the proof of every decision and signature stays permanently attached to its record.
What we ship today
These are factual today. Approved scope wording, the DPA route, and the supporting evidence pack are shared under NDA for your security review.
BoardiGO's information security management system is ISO/IEC 27001 certified. The approved certificate, scope summary and security pack are provided for your security review.
Single sign-on is available on the Enterprise plan via WorkOS-backed identity for the common enterprise IdPs. Setup proof and the IdP matrix come with onboarding.
Enterprise plans include API access with bearer-token authentication and an M2M user context. Public reference docs are at doc.boardigo.com, and our team confirms the full route-scope detail with you.
Board members, secretaries, administrators and observers each have a distinct role with scoped access to the board record. Access is granted and revoked from the workspace, not from email forwards.
Every decision and signed artefact is attached to the meeting record where it was decided. Exports are designed so the chain of decisions, signatures and follow-up is inspectable rather than reconstructed.
Engineered and operated by a Luxembourg-headquartered team, and the people who can access production work from the same country.
Clear about our limits
Straight answers on what BoardiGO does and does not cover, so your security team can evaluate us without assumptions.
BoardiGO runs on a certified information security management system. We do not hold SOC, HIPAA, FedRAMP or HDS attestations, and we will tell you that plainly rather than imply parity.
BoardiGO is hosted in Europe. We do not offer a single-country contractual residency lock, private-cloud or on-prem deployment — worth settling early if data sovereignty is a hard requirement for you.
Access is secured with roles and Enterprise SSO. Mobile-device management, remote wipe and device control stay with your own MDM rather than living inside BoardiGO.
Records stay attached to the workflow and export cleanly. We describe exactly what that does rather than reach for "tamper-proof", "immutable" or "legal hold" — terms we hold to a higher evidence bar.
Enterprise customers get specific support and escalation terms in their commercial agreement. We keep generic uptime percentages off the marketing site rather than publish a number we would not contract to.
Procurement / security review
For procurement, security, or compliance reviews, request our evidence pack under NDA. It covers the ISO 27001 certificate and scope, the security architecture overview, sub-processors, the DPA route, and the incident-response summary.