// Trust & Security Report

    Bardeen Inc. logo

    Bardeen Inc.

    Agentic web scraper for lead research, enrichment, and qualification. Core products: Web Scraper (data extraction), Web Search (AI-powered research), Enrichment (contact validation), and Qualification (AI lead filtering). Offers browser-based automation with cloud instances for scheduled workflows. No persistent data storage on cloud after automation completes.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    As of April 1, 2024, we are proud to announce our compliance with the AICPA SOC 2 Type 2 standards

    Verify on bardeen.ai
    GDPR
    HELD

    Adheres to EU's GDPR compliance checklist for US companies... EU Standard Contractual Clauses for international transfers

    Verify on bardeen.ai
    CASA (Cloud Application Security Assessment) Tier 2 and Tier 3
    HELD

    Meets Tier 2 and Tier 3 of the Cloud Application Security Assessment (CASA) based on OWASP Application Security Verification Standard (ASVS)

    Verify on bardeen.ai
    > Show 5 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence on vendor domain; claimed by third-party aggregators but not mentioned on Bardeen's own security page

    source: bardeen.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence on vendor domain; notably absent despite being industry standard paired with SOC 2 Type II

    source: bardeen.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence on vendor domain

    source: bardeen.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence on vendor domain

    source: bardeen.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence on vendor domain; claimed by third-party aggregator but not on Bardeen's own security page

    source: bardeen.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not specified; US-based company with EU Standard Contractual Clauses for EEA/UK/Swiss data transfers

    Explicit pledge: 'Any personal information obtained via any 3rd Party API integration, including, but not limited to Google Drive, Google Mail and others, will only be used for providing and improving automation features of the product. This data will not be used for training of any generalized AI models, internal or external.' Bardeen may use aggregated/derived usage data and trends (non-personal) to improve generative features.

    // Security controls

    Encryption in Transit

    TLS 1.2 protocol

    bardeen.ai

    Encryption at Rest

    256-bit AES encryption on cloud infrastructure

    bardeen.ai

    Browser Storage

    App data persists only in local browser cache; no third-party or website can access unless device is compromised

    bardeen.ai

    Cloud Automation Data Handling

    Cloud instances of Bardeen have no storage capabilities; all data is erased after playbook execution completes

    bardeen.ai

    Server-Stored Data

    Limited to connected apps and access configurations, custom Playbook and Autobook data only

    bardeen.ai

    Authentication Methods

    Single sign-on (SSO), Okta integration, Google and Microsoft login, two-factor authentication via email and SMS

    bardeen.ai

    Code Review & Vulnerability Scanning

    All code changes undergo peer-review; code automatically scanned for known security vulnerabilities with timely patches

    bardeen.ai

    // Products & data scope

    Web ScraperData Extraction

    data: Extracts public web data; no persistent server storage

    Core product for lead sourcing and data collection

    Web SearchResearch

    data: AI-powered research and lead generation via search providers

    Integrates with leading AI and web search providers

    EnrichmentData Enrichment

    data: Validates and enriches contact information

    Instant verification of contact data

    QualificationAI Filtering

    data: AI-driven lead prioritization based on user criteria

    Describes ideal leads for AI to prioritize

    Workflow Intelligence Platform (Cloud Automation)Automation

    data: Scheduled playbooks running in cloud with no data persistence

    Enterprise feature; no data stored after execution

    // What to watch

    • Third-party security aggregator (Nudge Security) claims HIPAA, ISO 27001, PCI, FedRAMP, and CSA STAR that are NOT listed on Bardeen's own security page. This is a potential over-claim or misrepresentation in external sources. Recommend clarification from vendor.
    • ISO 27001 and HIPAA are notably absent from vendor's claims despite being industry-standard certifications commonly paired with SOC 2 Type II. This is unusual for a security-focused product and warrants inquiry.
    • CASA Tier 2/3 is a less widely recognized standard compared to ISO 27001; clarity on its scope and validation strength would be helpful.
    • Data Processing Agreement (DPA) not mentioned in Terms of Service. While GDPR compliance is claimed, explicit DPA availability should be confirmed with vendor.
    • Data residency/region not specified on security or privacy pages. Standard Contractual Clauses are mentioned for EU data, but primary storage region remains unclear.
    • No self-hosted or on-premise deployment option mentioned; cloud-only architecture.
    • Cloud automation feature has zero data persistence (data erased after execution), which is excellent for privacy but may require clarification for compliance audits.

    // At a glance

    Pricing model

    Freemium tier + paid plans (specific tiers not detailed in evidence)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Bardeen Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    bardeen.ai

    > Browse all vendor trust reports