Sample account. Sign in to see your real customer ID, invoices, usage, and API keys.
Sign in →
Plan
Enterprise
Cross-app · 7 seats · $1,000/mo
Customer ID
cus_H8xQ4wnJ
Member since 2026-04-12
Month-to-date
$742.18
▲ $84 vs prior period
Next invoice
Aug 1
Est. $1,142.50 · Visa •••• 4029

Workspaces

Manage all →

Products where your identity has an active entitlement. A single sign-in crosses the ecosystem; a subscription is per-app.

Billing snapshot
Plan Enterprise · Cross-app
Renews on 2026-08-01
Payment method Visa ending 4029
Billing email billing@bollong.ai
Tax ID (EIN) 88-•••4231
Usage this month Jul 1 – Jul 7
MJAI · AI drafts
62% · 124 / 200
MJAI · Vault snaps
34% · 68 / 200
EJ · AI drafts
22% · 44 / 200
MedValidator
9% · 18 / 200
Make vs Buy
6% · 3 analyses
Detailed usage: per-endpoint breakdown →

Invoice history

Download all as CSV →
Invoice Period Description Amount Status
INV-2026-0071 Jul 1 – Jul 31 Enterprise plan · 7 seats · Cross-app $1,000.00 Open View
INV-2026-0058 Jun 1 – Jun 30 Enterprise plan · 6 seats · Cross-app $1,000.00 Paid Receipt
INV-2026-0044 May 1 – May 31 MJAI Team · 4 seats + overage $412.00 Paid Receipt
INV-2026-0031 Apr 12 – Apr 30 MJAI Team · prorated · 2 seats $127.86 Paid Receipt
Team members 7 seats
Brent Bollong
brent@bollong.ai
Owner 2026-04-12
Jamie Reyes
jamie@bollong.ai
Admin 2026-05-02
Priya Menon
priya@remedymedicalmfg.com
Member 2026-06-21
Alex Nguyen
alex@asu.edu
Member 2026-06-21
3 invited
Pending sign-in
Invited
Enterprises Pattern A
Remedy Medical Mfg
2 companies · 4 seats
Active Manage →
ASU · School of Innovation
1 company · 3 seats
Active Manage →
FlexBio
Onboarding — demo tenant
Pending Open →

Trust & Compliance

Full compliance overview →

The three artifacts procurement teams ask for before signing. Security posture shows where you stand right now. Compliance & audit exports the evidence bundles internal auditors and enterprise-CMO reviewers need. Sub-processors is the downstream-vendor list your customers copy into their own vendor risk register.

Security posture
80/100
Steady · 2 gaps
Two-factor auth enabled brent@bollong.ai · TOTP Manage →
API keys rotated within policy 3 keys · avg 40 days · policy 90 Rotate →
! One OAuth app inactive 92 days Zapier last used Apr 7 Review →
All members verified 7 of 7 signed in within 60 days Members →
! IP allowlist not configured Enterprise-tier feature · optional Configure →
Session hygiene 2 active sessions · idle-timeout 30 min Sessions →
Compliance frameworks
SOC 2 Type II Report FY26 Current
21 CFR Part 11 §11.10(e) audit trail Attestable
HIPAA · BAA available On request Request →
GDPR · DPA Standard Contractual Clauses Signed
ISO 27001 Roadmap · Q1 FY27 Planned
Uptime · 30 days
99.94%
Enterprise SLA: 99.9% monthly · credit if breached
Last incident: Jun 25 · 42 min degraded (MJAI persona latency)
status.bollong.ai →
Compliance & audit exports
One-click evidence bundles for internal QMS auditors, external accreditation reviewers, and enterprise-CMO procurement. Every bundle is signed with the console session identity + timestamp and archived to the Vault as an immutable snapshot (Vault doc-key audit_bundle_{yyyy_mm_dd}).
Schedule quarterly export →
Evidence bundle Standard Coverage window Records Last exported
User access review
Who has access to what · role changes · MFA status
SOC 2 CC6.1 · CC6.2 · CC6.3 Trailing 90 days 7 members · 3 keys · 2 OAuth · 4 webhooks 2026-07-01 Export CSV · Export PDF
Audit trail export
Full activity log · signed session tokens · Vault promotions
21 CFR Part 11 §11.10(e) Trailing 12 months 184,412 events 2026-07-05 Export CSV · Export PDF
Credential rotation history
API-key + webhook signing-secret rotations · timestamps · initiator
SOC 2 CC6.7 · internal policy Trailing 24 months 11 rotations · 0 revocations 2026-06-30 Export CSV · Export PDF
Configuration change log
Billing · security · webhook endpoint · role assignment changes
SOC 2 CC7.1 · CC8.1 Trailing 90 days 62 changes · 5 initiators 2026-07-01 Export CSV · Export PDF
Full compliance bundle
All four bundles above · plus signed vendor DPAs · signed cover letter
SOC 2 · 21 CFR Part 11 · HIPAA · GDPR Custom range One ZIP · ~2.4 MB avg 2026-06-30 Generate now →
Sub-processors & downstream vendors
Every third party that processes your data on our behalf, with their data-handling role and current DPA status. Copy this list into your own vendor risk register. A change here — new sub-processor, upgraded role, dropped vendor — triggers a notice to security@bollong.ai subscribers with 30 days advance warning.
Request DPA · Request BAA →
Vendor Role Data category Region Agreement
Vercel Application hosting Web serving · edge caching · SSL termination Request logs · session tokens US · EU (data-residency zoning) DPA · SCC Download
Supabase Database + Auth + Storage Primary application data · file storage · row-level RLS Customer artifacts · PII · audit trail US-East-1 (EU zone: on request) DPA · SCC Download
Anthropic LLM inference AI persona drafting · document classification · chat Prompt content · document excerpts (30-day retention) US · Zero-retention available for Enterprise DPA · Zero-retention Download
Modal GPU + CAD compute build123d CAD generation · Manufracturing engines CAD specs · manifest data (no customer PII) US DPA Download
Resend Transactional email Device Evaluation reports · invoice · notification emails Recipient email · report contents US DPA · SCC Download
Stripe Payment processing Subscriptions · invoices · payment methods Billing PII · payment card tokens (never full PAN) Global · PCI DSS Level 1 DPA Download
Sentry Error monitoring Stack traces · request context · release tracking Application errors (PII scrubbing enabled) US · EU on request DPA Download
BAA request flow: If your medical-device product touches PHI, request a Business Associate Agreement via security@bollong.ai. Turnaround: 5 business days. BAA extends HIPAA compliance obligations to Bollong.AI + all applicable sub-processors above marked with a BAA rider (Supabase · Anthropic · Modal · Resend).

Developer

SDK reference ↗

Programmatic access + integrations. API keys for your own server-to-server workflows (Portfolio Importer, Migration API, custom automations). OAuth apps for third-party tools acting on behalf of your users (Notion, Zapier, PLM connectors). Webhooks for outbound events. All actions land in the audit log keyed by credential ID.

API keys · Server-to-server
Bearer-token credentials owned by your own infrastructure. Prefix indicates environment: _live_ hits production data, _test_ hits a sandbox tenant with no billing impact. Full secret is shown once at creation — after that, only the prefix.
+ New key
Name Prefix Scopes Last used Rotation
Portfolio Importer · prod
CI pipeline · GitHub Actions
boll_pk_live_c4d1… mjai:readmjai:writeprograms:read 3 min ago 44 days Rotate · Revoke
Migration tests · staging
QA harness · nightly regression
boll_pk_test_9a2f… mjai:readmedvalidator:read Yesterday 64 days Rotate · Revoke
Remedy Medical · ERP sync
Tenant-scoped · Remedy Medical Mfg
boll_pk_live_74bc… mjai:readcomponents:readdocuments:read 14 h ago 12 days Rotate · Revoke
OAuth apps · Third-party integrations
Third-party tools your users have authorized to act on your tenant's behalf. Standard OAuth 2.0 authorization-code + refresh-token flow. Each grant is user-owned and revokable per-app; revoking here disconnects the integration for the whole tenant. Scopes shown are the union of what the app requested.
Browse the marketplace →
App Owner Scopes granted Authorized
Notion · MJAI Sync
Mirrors program metadata into a Notion database
Jamie Reyes programs:readcomponents:readprograms:write 2026-06-14 Manage · Disconnect
Zapier
18 zaps · triggers on migration.complete, invoice.paid
Jamie Reyes mjai:readbilling:events 2026-05-30 Manage · Disconnect
Onshape · BOM link Preview
Pushes assembly BOMs into MJAI components on release
Not yet installed Install →
Webhooks · Outbound events
HTTPS POSTs to your endpoints on selected events. Every request carries an X-Bollong-Signature HMAC-SHA256 header computed with the endpoint's signing secret — verify before trusting the payload. Failed deliveries retry with exponential backoff for 24 hours, then are queued for manual replay.
+ New endpoint
Endpoint Events Signing secret Last 20 deliveries Last delivery
https://ops.bollong.ai/hooks/mjai
Internal ops dashboard
migration.completeprogram.approved whsec_a91d… 3 min ago · 200 OK Logs · Rotate
https://remedy.local/mjai-bridge
Remedy Medical Mfg · ERP bridge
migration.completedevice_evaluation.saved whsec_c47f… 42 min ago · 200 OK Logs · Rotate
https://hooks.zapier.com/hooks/catch/8/6a7d…
Zapier catch-all · 18 zaps downstream
invoice.paidmigration.completemember.invited whsec_31e0… 8 min ago · 202 Accepted Logs · Rotate
https://legacy.internal/qms-inbox
Deprecated · queued for archive
document.uploaded whsec_50b2… Disabled 6 days ago 6 days ago · 410 Gone Logs · Delete
Playground · Try an API call
Pick an endpoint, edit the JSON body, hit Send. Response with headers. Uses your test key by default (no billing impact, no persistent data change). Toggle to live to hit production data with the confirmation flow.
Test mode Copy as curl
Request Endpoint · Browse ↗
POST /api/mjai/programs/{program_id}/documents
// Headers
Authorization: Bearer boll_pk_test_9a2f…
Content-Type: application/json

// Body
{
  "filename": "ERD-001 Design Input Requirements.docx",
  "doc_type": "design_control",
  "confidence": "high",
  "source_url": "https://storage.bollong.ai/…",
  "pending_review": true
}
Response 187 ms · 201 Created
201 Created · trace_id trace_c8f2… · region iad1
// Response headers
Content-Type: application/json
X-Bollong-Request-Id: req_9K4x…
X-RateLimit-Remaining: 598
X-RateLimit-Reset: 1783440000

// Response body
{
  "id": "doc_01H8Q…",
  "program_id": "orbit-system",
  "filename": "ERD-001 Design Input Requirements.docx",
  "state": "pending",
  "created_at": "2026-07-07T22:14:07Z",
  "vault": {
    "doc_key": "design_control_orbit_erd_001",
    "version_label": "v0.1-draft"
  }
}
Webhook debugger · Remedy ERP bridge
Full request + response for the last delivery on this endpoint, plus a 20-attempt timeline including retries. Click "Replay" to resend the exact payload — useful for reproducing a customer-side bug without waiting for the next real event, or for backfilling after a customer downstream outage.
evt_migration_completed_c9a8 Delivered · retry 1/6 2026-07-07 20:11:52 UTC → 20:12:22 UTC (+30s)
Endpoint: https://remedy.local/mjai-bridge
Request
// Headers Bollong sent
POST /mjai-bridge HTTP/1.1
Host: remedy.local
Content-Type: application/json
X-Bollong-Signature: t=1783430552,v1=8f4a…
X-Bollong-Event: migration.complete
X-Bollong-Delivery: evt_migration_completed_c9a8
User-Agent: Bollong-Webhooks/1.0

// Body
{
  "event": "migration.complete",
  "session_id": "ee246292-b905-…",
  "program_id": "orbit-system",
  "proposals_applied": 184,
  "pages_touched": [
    "classification",
    "predicates",
    "device-evaluation"
  ]
}
Response
// Response from Remedy endpoint
HTTP 200 OK
Content-Type: application/json
Date: Wed, 07 Jul 2026 20:12:22 GMT
X-Remedy-Ingested: true
X-Response-Time: 412ms

// Response body
{
  "received": true,
  "remedy_ticket_id": "RMD-8842",
  "queued_for_erp_sync": true,
  "note": "Bridge acknowledged after retry — cold cache warmed"
}
Delivery timeline · this event
20:11:52 UTC 504 Initial attempt · Gateway Timeout after 15s (Remedy endpoint cold) attempt 1
20:12:22 UTC 200 Retry after 30s backoff · Remedy warmed cache · delivered attempt 2 · retry
Rate limits · Current tier
Enterprise plan quota. Peaks below the ceiling for the trailing 7 days. Requests exceeding the per-minute cap return 429 with a Retry-After header. Tenant-level ceiling covers all keys + OAuth grants combined.
Request a higher limit →
Requests per minute
Ceiling (Enterprise) 600 / min
7-day peak 312 · Jul 3, 14:22 UTC
Headroom 48% · Steady
Migration jobs / day
Ceiling 50 / day
7-day peak 14 · Jul 5
Headroom 72% · Steady
Webhook fan-out
Endpoints (of 20) 4 active
7-day delivery rate 99.4%
Failed & retrying 2 events
Audit log · Credential activity
Every action taken by an API key, OAuth grant, or webhook signing secret is written to an append-only log with the credential ID, endpoint, response code, and tenant. Exportable as CSV for QMS internal audits (21 CFR Part 11 §11.10(e)).
Export CSV → · Open full log →
When Credential Action Response
Jul 7 · 21:47:03Z
boll_pk_live_c4d1…
Portfolio Importer · prod
POST /api/mjai/programs/orbit-system/documents 201
Jul 7 · 21:44:12Z
whsec_a91d…
Internal ops · migration.complete
POST https://ops.bollong.ai/hooks/mjai 200
Jul 7 · 20:11:52Z
whsec_c47f…
Remedy · ERP bridge
POST https://remedy.local/mjai-bridge 504
Jul 7 · 20:12:22Z
whsec_c47f…
Remedy · ERP bridge · retry 1/6
POST https://remedy.local/mjai-bridge 200
Jul 7 · 18:04:31Z
Console · session
brent@bollong.ai · 2FA verified
Created API key boll_pk_live_c4d1… with scopes mjai:readmjai:write 201
Jul 6 · 15:22:08Z
Console · session
brent@bollong.ai
Payment method updated · Visa •••• 4029 200
SDK & documentation
Official clients for JavaScript / TypeScript, Python, and Go. Migration API, Portfolio Importer, and embed cookbook all live under one reference.
Recent activity
Jul 7 · 21:47 MJAI · Auto-migrated 18 documents into ORBIT System. Device Evaluation report emailed to brent@bollong.ai.
Jul 7 · 18:04 Console · New API key created — Production · portfolio-importer.
Jul 6 · 15:22 Billing · Payment method updated to Visa •••• 4029.
Jul 5 · 09:11 Members · Invited priya@remedymedicalmfg.com to the Remedy Medical Mfg enterprise.
Jul 1 · 12:00 Invoice · INV-2026-0071 issued for the Enterprise plan — $1,000.00 due Aug 1.
Jun 30 · 17:37 MJAI · Device Evaluation — ORBIT System saved to Vault + emailed.
Quick links
© 2026 Bollong.AI · console.bollong.ai · v0.1 bollong.ai · resources · privacy · terms