Security
Three layers of trust, all designed for European business reality.
Trade Assurance is designed to run on Mangopay's e-money-institution infrastructure for the Q3 rollout, regulated by the Commission de Surveillance du Secteur Financier in Luxembourg and EU-passported. Buyer funds are intended to sit in segregated client accounts at the payment partner, not on BLUN's balance sheet.
Card payments run through Stripe (PCI-DSS Level 1 certified, the highest tier). BLUN never sees full card numbers — they're tokenized at Stripe and only a token is stored.
Production systems run in Hetzner Falkenstein (Germany) and Helsinki (Finland). User-facing data is handled through BLUN's EU-hosted controls, with access logging and processor review for every integration. Model-assisted features are routed through the BLUN gateway and are never used to train external models.
You can export everything we have on you in machine-readable JSON in one click (GDPR Article 15). You can delete it just as easily (Article 17). Audit log of who-touched-what for the last 24 months on every claimed listing.
Inquiry messages, AI translations, dispute discussions — all encrypted at rest with rotating per-tenant keys. In transit, TLS 1.3 only (no fallback to weaker ciphers). The AI translator processes content in-memory only; we don't train any model on user content.
Email + password (bcrypt-hashed, 12-round work factor) + optional TOTP 2FA via any standard authenticator app. SSO via SAML/OIDC available for Enterprise tier. Session cookies are HTTP-only, Secure, SameSite=Lax.
Coordinated disclosure or audit request? We respond within 48 hours.
security@blun.ai