Switchy
Sign up
otherapi_key

Borneo

Borneo is a data security and privacy platform designed for sensitive data discovery and remediation.

Verdict

Borneo is a data privacy and compliance platform that maps data flows, tracks processing activities, and manages consent across your cloud infrastructure. In Switchy, @mentioning Borneo lets your team scan cloud resources for sensitive data, retrieve DPIA assessments, manage recipient lists, and audit domain configurations — all without leaving the conversation. Privacy officers and compliance teams get the most value, especially during audits or when onboarding new vendors. The API key setup is straightforward, but you'll need admin-level Borneo credentials to access scan results and create processing records.

Common use cases

  • Audit cloud storage for PII during sprints
  • Generate DPIA reports before vendor reviews
  • Archive stale recipient records in bulk
  • Schedule recurring scans for compliance checks
  • Create dashboard users for new team members

Integration

Vendor
Borneo
Category
other
Auth
API_KEY
Tools
50
Composio slug
borneo

Tools

  • Access scan iteration by id

    Retrieves detailed information about a specific scan iteration in the borneo integration platform. this endpoint allows users to fetch the current status, results, and metadata associated with a particular scan iteration. it should be used

  • Add discovered recipients

    Adds multiple discovered recipients to the system as confirmed recipients. this endpoint should be used when you have a list of previously discovered recipient ids that you want to officially add to your recipient database. it's particularl

  • Archive discovered recipient

    Archives a specific discovered recipient in the borneo platform. this endpoint is used to move a discovered recipient's data into an archived state, which may be useful for compliance, data retention, or organizational purposes. it should b

  • Create and schedule cloud resource scan

    The createscan endpoint initiates a new scan operation in the borneo integration platform, allowing users to configure and schedule data scans across various cloud resources. this powerful tool enables users to set up both one-time and recu

  • Create dashboard user

    Creates a new dashboard user in the borneo integration platform with specified roles, organizational access, and authentication settings. this endpoint allows for granular control over user permissions across different organizations and dep

  • Create department with translations

    Creates a new department in the borneo integration platform. this endpoint allows you to add a department to the system with support for multilingual information. it's particularly useful when setting up the organizational structure within

  • Create domain with polling frequency

    Creates a new domain within the borneo integration platform, allowing for automatic polling and management of connected systems or applications. this endpoint is used to set up a new integration point with a specific name and polling freque

  • Create dpia for processing activity

    Creates a new data protection impact assessment (dpia) for a specific processing activity in the borneo application. this endpoint allows users to comprehensively assess and document privacy risks associated with data processing, including

  • Create employee with json payload

    Creates a new employee record in the borneo integration platform. this endpoint allows you to add an employee to the system with various details such as personal information, job-related data, and organizational structure. it's primarily us

  • Create headquarter entry

    Creates a new headquarters entry in the borneo integration platform. this endpoint allows users to register the main office or primary location of a company or organization within the system. it captures essential information about the head

  • Create legal document entry

    Creates or uploads a new legal document in the borneo integration platform with specified metadata. this endpoint allows users to add various types of legal documents, such as privacy policies or data processing agreements, to the system. i

  • Create new asset

    Creates a new asset in the borneo integration platform. this endpoint allows users to add various types of assets to their inventory, ranging from hardware and software applications to office furniture and documentation. it's primarily used

  • Create new infotype category

    Creates a new infotype category in the borneo integration platform, allowing users to organize and group related sensitive data types. this endpoint is used to establish a structured hierarchy for managing various infotypes, such as pii, pf

  • Create processing activity

    Creates a new processing activity in the borneo integration platform. this endpoint allows users to define and configure detailed attributes of a data processing activity, including its purpose, legal basis, data sources, subjects, retentio

  • Create processing activity threshold

    Creates a new threshold for a specific data processing activity in the context of lopdp (law on personal data protection) compliance. this endpoint is used to define and assess various risk factors associated with data processing activities

  • Create recipient with details

    Creates a new recipient in the borneo integration platform. this endpoint is used to register and manage detailed information about entities that receive or process data within the system. it captures essential details for compliance with d

  • Create threshold for processing activity

    Creates a new threshold for a specific data processing activity in the borneo integration platform. this endpoint is used to define and set various characteristics and risk factors associated with a data processing activity, which is crucia

  • Delete asset by id
    destructive

    The deleteasset endpoint removes a specific asset from the borneo integration platform. this operation is used when an asset needs to be permanently deleted from the system, such as when it's no longer relevant or has been decommissioned. t

  • Delete category by label
    destructive

    Deletes a specific category from the borneo integration platform using its unique label. this endpoint should be used when you need to remove an entire category and all its associated data from the system. it's particularly useful for clean

  • Delete dashboard report by id
    destructive

    Deletes a specific dashboard report from the borneo integration platform. this endpoint should be used when you need to permanently remove a dashboard report that is no longer needed or relevant. it's important to note that this action is i

  • Delete data breach by id
    destructive

    Deletes a specific data breach evaluation record from the borneo system. this endpoint should be used when an organization needs to remove an evaluation record, typically in cases where the record is no longer relevant, contains errors, or

  • Delete department by id
    destructive

    Deletes a specific department from the borneo platform using its unique identifier. this endpoint should be used when you need to remove a department that is no longer relevant or has been decommissioned. it's important to note that this op

  • Delete domain by id
    destructive

    Deletes a specific domain from the borneo integration platform. this endpoint permanently removes all data and configurations associated with the specified domain. use this operation with caution, as it cannot be undone. it should be used w

  • Delete dpia by id
    destructive

    Deletes a specific data protection impact assessment (dpia) from the borneo system. this endpoint should be used when a dpia is no longer needed or relevant, such as when a project has been completed or cancelled, or when the assessment nee

  • Delete employee by id
    destructive

    Deletes an employee record from the borneo system using the specified employee id. this endpoint should be used when an employee leaves the organization or when their record needs to be permanently removed from the system. once deleted, the

  • Delete headquarters by id
    destructive

    Deletes a specific headquarters record from the borneo system. this endpoint should be used when you need to permanently remove a headquarters entry from your organization's data. it's particularly useful for cleaning up obsolete or erroneo

  • Delete legal document by id
    destructive

    Deletes a specific legal document from the borneo platform using its unique identifier. this endpoint should be used when a document needs to be permanently removed from the system, such as when it's no longer relevant, outdated, or to comp

  • Delete lopdp threshold by id
    destructive

    This endpoint deletes a specific lopdp (local public data protection) threshold from the borneo integration platform. it is used to remove outdated, incorrect, or no longer applicable thresholds related to data protection regulations. the d

  • Delete processing activity by id
    destructive

    Deletes a specific processing activity from the borneo integration platform. this endpoint should be used when you need to permanently remove a data processing activity that is no longer required or valid. it's important to note that this a

  • Delete recipient by id
    destructive

    Deletes a specific recipient from the borneo integration platform. this endpoint should be used when you need to permanently remove a recipient's information from the system, such as when a contact is no longer valid or when correcting erro

  • Delete tag from resource
    destructive

    The deletetags endpoint removes specified tags from resources in the borneo integration platform. it allows users to delete tags based on their key, and optionally, their value, from a set of resources defined either by a filter or a list o

  • Delete threshold by id
    destructive

    Deletes a specific threshold from the borneo integration platform. this endpoint should be used when you need to remove a threshold that is no longer required for monitoring or alerting purposes within your integrations. it permanently remo

  • Disable dashboard user by username

    Disables a specified user account in the borneo dashboard, preventing further access to the system. this endpoint should be used when an administrator needs to revoke a user's access to the borneo integration platform, such as when an emplo

  • Download dashboard report

    The downloaddashboardreport endpoint allows users to download specific types of dashboard reports from the borneo integration platform. this post endpoint is designed to generate and retrieve comprehensive reports related to privacy operati

  • Download dashboard report edition

    Downloads a specific dashboard report edition from the borneo integration platform. this endpoint allows users to retrieve a particular version or iteration of a dashboard report by providing its unique identifier. it should be used when a

  • Enable dashboard user

    Enables dashboard access for a specified user in the borneo integration platform. this endpoint is used to grant or restore a user's ability to view and interact with dashboards within the system. it should be called when an administrator n

  • Evaluate data breach impact

    This endpoint allows users to evaluate and document details of a data breach incident. it is used to capture comprehensive information about a breach, including notifications made, affected parties, and an overall assessment. the endpoint s

  • Export filtered leaf resources

    The listleafresources endpoint exports a comprehensive list of leaf resources in the borneo integration platform, allowing for extensive filtering, sorting, and detailed information retrieval. it's designed to facilitate data discovery, cla

  • Export insight page using scanid

    The exportpageinsight endpoint allows users to export filtered inspection results from a specific scan in the borneo integration platform. this tool is particularly useful for retrieving and analyzing detailed information about scanned page

  • Export inventory resource list

    Exports a filtered and sorted list of inventory resources from the borneo integration platform. this endpoint allows for extensive customization of the exported data, including pagination, field selection, sorting, and filtering based on va

  • Export processing activities list

    This endpoint exports a filtered list of processing activities in specified formats and languages. it allows users to retrieve data about various data processing activities, which can be customized using multiple filter criteria. the export

  • Export recipients list with filter

    The exportrecipientslist endpoint generates and exports a list of recipients based on specified criteria. it allows for flexible data extraction in multiple formats (csv, pdf, or doc) with extensive filtering options. this endpoint is ideal

  • Fetch dashboard report by id

    Retrieves a specific dashboard report from the borneo integration platform. this endpoint allows users to access detailed analytics and reporting data for a particular dashboard, providing insights into data exchange, workflow automation, a

  • Fetch data breach evaluation

    Retrieves detailed information about a specific evaluated data breach incident. this endpoint should be used when you need to access comprehensive details about a particular data breach that has been assessed within the borneo platform. it

  • Filter and list inspection results

    The insightlistpost endpoint retrieves a list of inspection results from the borneo integration platform. it allows users to fetch either scan-level or page-level results based on specified criteria. this endpoint is particularly useful for

  • Filter and sort assets list

    The listassets endpoint retrieves a customized list of assets from borneo. it supports flexible filtering and sorting, enabling efficient asset management. use this endpoint for generating reports, conducting audits, or searching specific i

  • Filter employee list

    The filteremployeelist endpoint allows you to retrieve a filtered list of employees based on specified criteria. this post operation is designed for querying employee data within the borneo integration platform, enabling efficient data retr

  • Filter recipients list

    The filterrecipientslist endpoint allows users to retrieve a filtered list of recipients based on specified criteria. this post method endpoint is designed to narrow down a potentially large set of recipients to a more manageable subset tha

  • Get category by label

    Retrieves detailed information about a specific category within borneo's data classification system using the category's unique label. this endpoint is used to fetch metadata, attributes, and potentially associated data points for a given c

  • Get cloud account by id

    Retrieves detailed information about a specific cloud account within the borneo integration platform. this endpoint should be used when you need to access or verify the configuration, status, or properties of a particular cloud account. it

Setup

Setup guide

  1. 11. In Switchy, open your workspace settings and navigate to the Integrations tab. 2. Search for Borneo and click Connect. 3. You'll be prompted to enter a Borneo API key — generate one from your Borneo dashboard under Settings > API Access (requires admin permissions). 4. Paste the key into Switchy and click Authorize. 5. Switchy will verify the connection by fetching your organization's domain list. 6. Once connected, open any Space and type '@Borneo list my active scans' to confirm the integration works. 7. If the response includes scan data, you're ready to invoke any of Borneo's 50 tools directly in chat. 8. To test a more complex workflow, try '@Borneo create a new cloud resource scan for our AWS S3 buckets' and watch the scan initiate in real time.

What teammates see: by default, memories from Borneo are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.

Works well with

Top models

Compatibility data appears once enough Spaces have used this MCP together with a given model.

How Switchy teams use it

Not enough Spaces yet to publish anonymised usage stats (we require ≥ 50 Spaces per week).

Starter prompts

Check Recent Scans

@Borneo show me the five most recent scan iterations and their completion status
Open in a Space →

Start S3 Bucket Scan

@Borneo create and schedule a cloud resource scan for all S3 buckets in our production AWS account
Open in a Space →

Review DPIA for Activity

@Borneo retrieve the DPIA for processing activity ID 12345 and summarize the key risk findings
Open in a Space →

Add Confirmed Recipients

@Borneo add these discovered recipient IDs as confirmed: 678, 679, 680
Open in a Space →

Create Compliance User

@Borneo create a dashboard user named Jane Auditor with read-only role and access to the Legal department
Open in a Space →

Example outputs

Illustrative - representative of the model's voice and quality, not literal recordings.

Prompt

@Borneo show me the status and results of scan iteration #847 that ran last night on our S3 buckets

Output

Scan iteration #847 completed at 2:14 AM with status 'Completed'. Scanned 3 S3 buckets across 2 AWS accounts. Found 127 files containing potential PII: 89 files with email addresses, 31 with phone numbers, 7 with credit card patterns. No critical compliance violations detected. Full metadata includes scan duration (18 minutes), data volume processed (4.2 GB), and classification confidence scores. This is an illustrative example—actual scan results depend on your configured policies and data landscape.

Notes

Demonstrates read-heavy audit capability. Requires API key with 'scans:read' scope. Scan iterations accumulate quickly in active environments—consider retention policies. Results are point-in-time snapshots; re-scan if source data changes frequently.

Prompt

@Borneo create a new DPIA for our customer support ticketing system processing activity, flag it as high-risk due to health data

Output

Created DPIA #2891 for processing activity 'Customer Support Ticketing System'. Risk level set to High. Template initialized with sections for: legal basis assessment, data subject rights impact, security measures, and third-party processor evaluation. Status is 'Draft'—you'll need to complete required fields (data categories, retention periods, transfer mechanisms) before submission. Assigned to your compliance team for review. This is an illustrative example—actual DPIA structure follows your organization's configured templates.

Notes

Demonstrates write capability for compliance workflows. Side-effect: creates a draft record visible to compliance stakeholders. Requires 'dpia:write' scope. Borneo's DPIA module enforces mandatory field completion before finalization—expect follow-up work to satisfy regulatory documentation standards.

Prompt

@Borneo list all discovered recipients from the last 30 days who haven't been archived yet, then summarize which departments they're associated with

Output

Found 43 unarchived discovered recipients from the past 30 days. Department breakdown: Marketing (18 recipients), Sales (12), Customer Success (9), Engineering (4). Most common discovery sources: web form submissions (24), API integrations (11), manual uploads (8). 7 recipients flagged for review due to incomplete contact information. The AI notes that Marketing's high volume aligns with recent campaign activity, while Engineering's low count suggests tighter data collection controls. This is an illustrative example—actual recipient counts and department associations vary by your data flows.

Notes

Demonstrates synthesis: Borneo fetches raw recipient data, the AI interprets patterns. Requires 'recipients:read' scope. Discovered recipients remain in limbo until explicitly added or archived—this query helps surface backlog. Rate limit: 100 requests/minute on recipient endpoints.

Use-case deep-dives

Post-acquisition data discovery audit

When Borneo makes sense for M&A data mapping

A 12-person compliance team inherits 40+ cloud accounts after acquiring a SaaS company and needs to catalog personal data across AWS, GCP, and legacy on-prem systems before the 90-day integration deadline. Borneo's scan scheduling and discovered-recipient tracking fit this scenario well: you configure scans once per environment, let them run overnight, then triage the results in batch. The 50-tool catalog supports DPIA creation and department mapping, so you can tie findings to the new org chart as you merge teams. This works until you hit 200+ scans running concurrently — at that scale, the API rate limits start causing scan delays, and you'll need to stagger jobs manually. If your acquisition is under 50 cloud resources and you have API key access for each, Borneo closes the discovery gap faster than spreadsheet audits.

Quarterly GDPR compliance reporting

Borneo for recurring data-subject-access workflows

A 6-person privacy team at a B2B SaaS company runs data-subject-access requests every quarter and needs to prove they've scanned all customer-facing databases for personal data. Borneo's iteration tracking and archive endpoints let you snapshot each scan, compare results quarter-over-quarter, and archive old findings once remediation is done. The dashboard user creation tool is useful here: you can give auditors read-only access to scan results without handing over admin keys. The trade-off is setup time — configuring 50 tools means you're committing to Borneo as your system of record, not a one-off audit tool. If your compliance cadence is monthly or faster, and you already have API keys for your cloud providers, Borneo replaces the manual export-and-diff process. If you only run DSARs twice a year, the onboarding overhead outweighs the benefit.

Customer support PII incident response

Why Borneo isn't built for real-time support lookups

A 4-person support team needs to quickly check if a customer's email appears in any backend system after a data-breach report comes in. Borneo's scan-and-archive model doesn't fit this scenario: scans are scheduled jobs, not live queries, so you can't get an answer in under 30 seconds. The discovered-recipient endpoints assume you're working in batch mode, triaging lists of emails after a scan completes, not searching one record on demand. If your incident-response SLA is under 15 minutes, you need a live search tool with indexed data, not a compliance scanner. Borneo is the wrong tool here. It's designed for periodic audits where you can wait hours for results, not for support agents who need instant lookups. Save it for the quarterly compliance run, and use a dedicated PII search service for live support.

Frequently asked

What does the Borneo MCP do in Switchy?

The Borneo MCP connects Switchy to Borneo's data governance and privacy compliance platform. Your team can query scan results, manage discovered data recipients, create DPIAs for processing activities, and configure cloud resource scans — all without leaving the AI workspace. It's built for privacy and compliance teams who need to audit data flows or document GDPR assessments alongside other work.

Do I need an admin API key to connect Borneo?

Yes. Borneo uses API key authentication, and the key must have permissions to read scan iterations, create DPIAs, and manage recipients. If your key is scoped to read-only, the MCP will fail when you try to create departments or schedule new scans. Check with your Borneo account owner to generate a key with the right access level before connecting.

Can the Borneo MCP automatically run compliance scans on a schedule?

The MCP can create and schedule cloud resource scans via the 'Create and schedule cloud resource scan' tool, but it won't trigger them on a recurring basis inside Switchy. You configure the scan parameters and polling frequency once; Borneo's platform handles the actual execution. The MCP is for setup and querying results, not replacing Borneo's scheduler.

How is this different from logging into Borneo's dashboard?

The MCP lets your team ask questions like 'show me the latest scan iteration for our S3 bucket' or 'create a DPIA for this new processing activity' in plain English, without clicking through Borneo's UI. It's faster for one-off queries and fits into a broader AI workflow. For bulk configuration or visual reports, you'll still want the Borneo dashboard.

Who on the team should connect the Borneo MCP?

Your data protection officer, privacy lead, or compliance manager — whoever owns GDPR documentation and data discovery workflows. They'll need access to a Borneo API key with create and read permissions. Once connected, any Switchy team member can query scan results or ask compliance questions, but only the connector can update the API key if it rotates.

Data last verified 607 hours ago.Sources aggregated hourly to weekly. See docs/architecture/model-directory.md.