Bardo do the work to understand what was bought
Product security
We ask for read-only access to your accounts payable data, including invoices and receipts, so we can build an activity-level, assurance-ready inventory. This page explains exactly what we ingest, how access works, and which safeguards apply.

Our ask, clear and specific
Scope, read only ingestion of
Accounts Payable metadata
Purchase orders and supplier master
Invoices and receipts, PDF, XML, EDI, images
Shipment and route data where relevant
Our promise
Your data always stays securely within your approved environment.
We interact seamlessly with your ERP and accounting systems without altering or disrupting them.
We ensure all processing excludes personally identifiable information (PII).
Your data is used exclusively for your purposes — never to train external or third-party models.
Multi-layer network security
IP allowlisting, cloud-native firewalls, zero-trust architecture, immutable audit logs
Data flow and access model
Connectivity options
Accepts uploads through SFTP, secure file drop, or authenticated API endpoints with TLS encryption
Optional private link or VPN with IP allow-listing for customers with elevated data isolation requirements
Secure, read-only integrations to major ERP systems. We never write back or alter records.
Data flow
Files are received in an encrypted, segregated environment
Financial documents are read, normalized, and converted into structured activity data
Each activity is matched to a supplier-specific or evidence-based emission factor, with source lineage maintained
Results are committed to your Carbon Footprint Inventory, with full traceability from transaction to factor
Exports and the Bardo Viewer app read from the inventory only, no external data movement

Core safeguards
SOC 2 Type II
in progress, target Early 2026
Strict access control
SSO and RBAC, least privilege, MFA, quarterly reviews
EU only hosting and processing
customer specific residency on request
Centralised logging and monitoring
with anomaly alerts
Encryption everywhere
TLS in transit, strong encryption at rest
Controls mirror the Trust center.
See trust center for full detail.
Secure development and operations
Secure SDLC with reviews, dependency scanning, and environment separation
Regular third party penetration testing and vulnerability scanning
Documented business continuity and disaster recovery plans
Formal incident response process with timely customer notifications

Data protection and privacy
GDPR compliant DPA with SCCs where applicable
Data deletion or return within 90 days of termination
Transparent subprocessor list at /security/subprocessors with change notifications
AI safeguards, no provider training rights on customer data
Security
Human in the loop quality operations
Everything is monitored by specialists. Every corner case or uncertainty is flagged and corrected. Decisions write back to the inventory and into a training data store that improves the models.



What enters review
Capture exceptions, unreadable docs, missing fields
Mapping uncertainty, categories, units, route or model detection
Factor selection conflicts and scope boundary checks
Generated LCAs that require assumptions
Controls
Role based approvals and four eyes for sensitive changes
Immutable logs with user, time, before and after snapshots
SLA targets, queue response within one business day, critical exception resolution within five business days






What you see
Queue status and change logs
Uncertainty trend by category and supplier
Factor specificity mix by ran

We ingest only fields required for activity mapping and audit
Optional masking of bank details and personal identifiers on documents
Field level rules for exports and APIs, hide or pseudonymise where needed
AI and model safeguards
Reasoning models run in controlled environments
No third party provider receives your data with training rights
Labels from human review are stored as training data, not full raw documents
New models are evaluated offline, then promoted with version notes
What security teams ask, answered
Our platform is designed for secure, read-only ingestion, typically through encrypted batch uploads or integrations. All data handling follows EU-based storage, strict access controls, and documented deletion procedures.
Can you guarantee read only?
Yes. Bardo never writes to or modifies client systems. We ingest data via secure batch transfer (SFTP, object storage, API, or file drop) under read-only credentials. Access is time-bound, least-privilege, and reviewed quarterly with your team.
How do you separate tenants?
Each customer operates in a logically isolated environment with separate encryption keys, access policies, and audit logs. Data is hosted in EU-only Azure infrastructure, aligned with ISO 27001 and SOC 2 practices.
How do you prove lineage?
Every emission result includes a traceable chain from transaction → activity → factor, with immutable logs. You can verify this lineage directly in the Viewer app or export it as part of your audit package.
What is your data retention policy?
We retain uploaded data only as long as your subscription remains active. Upon termination, all data is securely deleted or returned within 90 days in line with GDPR and our DPA.
Do you support BYOK?
Yes, available for enterprise customers via Azure Key Vault. All data at rest is encrypted with AES-256, and in transit with TLS 1.2+ regardless of key management setup.

