Welcome back, Brent.
Your Bollong.AI account — customer ID, workspaces you can open, billing, team, and usage across MedValidator, MakeVsBuy, QMS Gap, Entrepreneur's Journey, and Med Journey AI — all in one place.
Workspaces
Manage all →Products where your identity has an active entitlement. A single sign-in crosses the ecosystem; a subscription is per-app.
Invoice history
Download all as CSV →| Invoice | Period | Description | Amount | Status | |
|---|---|---|---|---|---|
| INV-2026-0071 | Jul 1 – Jul 31 | Enterprise plan · 7 seats · Cross-app | $1,000.00 | Open | View |
| INV-2026-0058 | Jun 1 – Jun 30 | Enterprise plan · 6 seats · Cross-app | $1,000.00 | Paid | Receipt |
| INV-2026-0044 | May 1 – May 31 | MJAI Team · 4 seats + overage | $412.00 | Paid | Receipt |
| INV-2026-0031 | Apr 12 – Apr 30 | MJAI Team · prorated · 2 seats | $127.86 | Paid | Receipt |
|
Brent Bollong
brent@bollong.ai
|
Owner | 2026-04-12 |
|
Jamie Reyes
jamie@bollong.ai
|
Admin | 2026-05-02 |
|
Priya Menon
priya@remedymedicalmfg.com
|
Member | 2026-06-21 |
|
Alex Nguyen
alex@asu.edu
|
Member | 2026-06-21 |
|
3 invited
Pending sign-in
|
Invited | … |
Trust & Compliance
Full compliance overview →The three artifacts procurement teams ask for before signing. Security posture shows where you stand right now. Compliance & audit exports the evidence bundles internal auditors and enterprise-CMO reviewers need. Sub-processors is the downstream-vendor list your customers copy into their own vendor risk register.
audit_bundle_{yyyy_mm_dd}).
| Evidence bundle | Standard | Coverage window | Records | Last exported | |
|---|---|---|---|---|---|
|
User access review
Who has access to what · role changes · MFA status
|
SOC 2 CC6.1 · CC6.2 · CC6.3 | Trailing 90 days | 7 members · 3 keys · 2 OAuth · 4 webhooks | 2026-07-01 | Export CSV · Export PDF |
|
Audit trail export
Full activity log · signed session tokens · Vault promotions
|
21 CFR Part 11 §11.10(e) | Trailing 12 months | 184,412 events | 2026-07-05 | Export CSV · Export PDF |
|
Credential rotation history
API-key + webhook signing-secret rotations · timestamps · initiator
|
SOC 2 CC6.7 · internal policy | Trailing 24 months | 11 rotations · 0 revocations | 2026-06-30 | Export CSV · Export PDF |
|
Configuration change log
Billing · security · webhook endpoint · role assignment changes
|
SOC 2 CC7.1 · CC8.1 | Trailing 90 days | 62 changes · 5 initiators | 2026-07-01 | Export CSV · Export PDF |
|
Full compliance bundle
All four bundles above · plus signed vendor DPAs · signed cover letter
|
SOC 2 · 21 CFR Part 11 · HIPAA · GDPR | Custom range | One ZIP · ~2.4 MB avg | 2026-06-30 | Generate now → |
| Vendor | Role | Data category | Region | Agreement | |
|---|---|---|---|---|---|
| Vercel Application hosting | Web serving · edge caching · SSL termination | Request logs · session tokens | US · EU (data-residency zoning) | DPA · SCC | Download |
| Supabase Database + Auth + Storage | Primary application data · file storage · row-level RLS | Customer artifacts · PII · audit trail | US-East-1 (EU zone: on request) | DPA · SCC | Download |
| Anthropic LLM inference | AI persona drafting · document classification · chat | Prompt content · document excerpts (30-day retention) | US · Zero-retention available for Enterprise | DPA · Zero-retention | Download |
| Modal GPU + CAD compute | build123d CAD generation · Manufracturing engines | CAD specs · manifest data (no customer PII) | US | DPA | Download |
| Resend Transactional email | Device Evaluation reports · invoice · notification emails | Recipient email · report contents | US | DPA · SCC | Download |
| Stripe Payment processing | Subscriptions · invoices · payment methods | Billing PII · payment card tokens (never full PAN) | Global · PCI DSS Level 1 | DPA | Download |
| Sentry Error monitoring | Stack traces · request context · release tracking | Application errors (PII scrubbing enabled) | US · EU on request | DPA | Download |
Developer
SDK reference ↗Programmatic access + integrations. API keys for your own server-to-server workflows (Portfolio Importer, Migration API, custom automations). OAuth apps for third-party tools acting on behalf of your users (Notion, Zapier, PLM connectors). Webhooks for outbound events. All actions land in the audit log keyed by credential ID.
_live_ hits production data,
_test_ hits a sandbox tenant with no billing impact.
Full secret is shown once at creation — after that, only the prefix.
| Name | Prefix | Scopes | Last used | Rotation | |
|---|---|---|---|---|---|
|
Portfolio Importer · prod
CI pipeline · GitHub Actions
|
boll_pk_live_c4d1… | mjai:readmjai:writeprograms:read | 3 min ago | 44 days | Rotate · Revoke |
|
Migration tests · staging
QA harness · nightly regression
|
boll_pk_test_9a2f… | mjai:readmedvalidator:read | Yesterday | 64 days | Rotate · Revoke |
|
Remedy Medical · ERP sync
Tenant-scoped · Remedy Medical Mfg
|
boll_pk_live_74bc… | mjai:readcomponents:readdocuments:read | 14 h ago | 12 days | Rotate · Revoke |
| App | Owner | Scopes granted | Authorized | |
|---|---|---|---|---|
|
Notion · MJAI Sync
Mirrors program metadata into a Notion database
|
Jamie Reyes | programs:readcomponents:readprograms:write | 2026-06-14 | Manage · Disconnect |
|
Zapier
18 zaps · triggers on migration.complete, invoice.paid
|
Jamie Reyes | mjai:readbilling:events | 2026-05-30 | Manage · Disconnect |
|
Onshape · BOM link Preview
Pushes assembly BOMs into MJAI components on release
|
— | Not yet installed | — | Install → |
X-Bollong-Signature HMAC-SHA256 header
computed with the endpoint's signing secret — verify before
trusting the payload. Failed deliveries retry with exponential
backoff for 24 hours, then are queued for manual replay.
| Endpoint | Events | Signing secret | Last 20 deliveries | Last delivery | |
|---|---|---|---|---|---|
|
https://ops.bollong.ai/hooks/mjai
Internal ops dashboard
|
migration.completeprogram.approved | whsec_a91d… | 3 min ago · 200 OK | Logs · Rotate | |
|
https://remedy.local/mjai-bridge
Remedy Medical Mfg · ERP bridge
|
migration.completedevice_evaluation.saved | whsec_c47f… | 42 min ago · 200 OK | Logs · Rotate | |
|
https://hooks.zapier.com/hooks/catch/8/6a7d…
Zapier catch-all · 18 zaps downstream
|
invoice.paidmigration.completemember.invited | whsec_31e0… | 8 min ago · 202 Accepted | Logs · Rotate | |
|
https://legacy.internal/qms-inbox
Deprecated · queued for archive
|
document.uploaded | whsec_50b2… | Disabled 6 days ago | 6 days ago · 410 Gone | Logs · Delete |
// Headers Authorization: Bearer boll_pk_test_9a2f… Content-Type: application/json // Body { "filename": "ERD-001 Design Input Requirements.docx", "doc_type": "design_control", "confidence": "high", "source_url": "https://storage.bollong.ai/…", "pending_review": true }
trace_c8f2…
·
region iad1
// Response headers Content-Type: application/json X-Bollong-Request-Id: req_9K4x… X-RateLimit-Remaining: 598 X-RateLimit-Reset: 1783440000 // Response body { "id": "doc_01H8Q…", "program_id": "orbit-system", "filename": "ERD-001 Design Input Requirements.docx", "state": "pending", "created_at": "2026-07-07T22:14:07Z", "vault": { "doc_key": "design_control_orbit_erd_001", "version_label": "v0.1-draft" } }
https://remedy.local/mjai-bridge
// Headers Bollong sent POST /mjai-bridge HTTP/1.1 Host: remedy.local Content-Type: application/json X-Bollong-Signature: t=1783430552,v1=8f4a… X-Bollong-Event: migration.complete X-Bollong-Delivery: evt_migration_completed_c9a8 User-Agent: Bollong-Webhooks/1.0 // Body { "event": "migration.complete", "session_id": "ee246292-b905-…", "program_id": "orbit-system", "proposals_applied": 184, "pages_touched": [ "classification", "predicates", "device-evaluation" ] }
// Response from Remedy endpoint HTTP 200 OK Content-Type: application/json Date: Wed, 07 Jul 2026 20:12:22 GMT X-Remedy-Ingested: true X-Response-Time: 412ms // Response body { "received": true, "remedy_ticket_id": "RMD-8842", "queued_for_erp_sync": true, "note": "Bridge acknowledged after retry — cold cache warmed" }
Retry-After header. Tenant-level ceiling covers all
keys + OAuth grants combined.
| When | Credential | Action | Response |
|---|---|---|---|
| Jul 7 · 21:47:03Z |
boll_pk_live_c4d1…
Portfolio Importer · prod
|
POST /api/mjai/programs/orbit-system/documents |
201 |
| Jul 7 · 21:44:12Z |
whsec_a91d…
Internal ops · migration.complete
|
POST https://ops.bollong.ai/hooks/mjai |
200 |
| Jul 7 · 20:11:52Z |
whsec_c47f…
Remedy · ERP bridge
|
POST https://remedy.local/mjai-bridge |
504 |
| Jul 7 · 20:12:22Z |
whsec_c47f…
Remedy · ERP bridge · retry 1/6
|
POST https://remedy.local/mjai-bridge |
200 |
| Jul 7 · 18:04:31Z |
Console · session
brent@bollong.ai · 2FA verified
|
Created API key boll_pk_live_c4d1… with scopes mjai:readmjai:write |
201 |
| Jul 6 · 15:22:08Z |
Console · session
brent@bollong.ai
|
Payment method updated · Visa •••• 4029 | 200 |
-
↗DocumentationSDK reference, migration API, embed cookbook
-
↗ChangelogWeekly release notes across MJAI, EJ, and platform
-
↗System statusstatus.bollong.ai · uptime + incident history
-
↗Partner program3-tier cohort revenue share · Pioneer / Early / Standard
-
↗Security & SSO2FA, session management, SAML/SSO — Enterprise plan
-
↗Contact supportsupport@bollong.ai · response within one business day