Security

Privacy

Brazen is committed to protecting personally identifiable information (PII).

  • We encrypt all data, both in transit and at rest.
  • We do not sell the personal information of our customers to third parties.
  • You can find our privacy policy at: www.brazen.com/terms.

Encryption

Brazen uses strong encryption measures to protect data.

  • All data is encrypted in transit using HTTPS (TLS 1.2 and higher).
  • We only use strong ciphers and message digests.
  • We encrypt all data at rest using AES-256.

Hosting Environment

Brazen hosts its platform on Amazon Web Services.

  • ISO 27001 certified.
  • Independently verified and audited SAS-70 Type II and SSAE16.
  • See the Amazon AWS Compliance site for more information.

Application Development

Brazen is committed to designing, building, and operating secure systems.

  • Our applications are completely developed, tested, deployed, and maintained by a full-time, in-house engineering team.
  • We scan our codebase daily to identify potentially insecure code.
  • We regularly scan our application to look for OWASP Top 10 vulnerabilities such as injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
  • We operate a host-based intrusion detection system to detect and warn of system breaches.
  • We annually contract a third-party firm to conduct network penetration and application security tests on our platform.
  • We obfuscate PII before transferring data to non-production environments for testing.

Access and Awareness

Brazen vets and trains its employees and subcontractors.

  • We perform county, state and nationwide background checks on all employees and subcontractors.
  • We operate according to the principle of least privilege, granting only the permissions necessary to perform a job function.
  • All employees and subcontractors must attend security training.
  • All employees and subcontractors must pass an exam to demonstrate they understand our acceptable use and data security policies before being granted access.