Security

Privacy

Brazen is committed to protecting personally identifiable information (PII).

• We encrypt all data, both at transit and at rest.
• We do not sell the personal information of our customers to third parties.
• You can find our privacy policy at: www.brazen.com/terms.

Encryption

Brazen uses strong encryption measures to protect data.

• All data is encrypted in transit using HTTPS (TLS 1.2 and higher).
• We only use strong ciphers and message digests.
• We encrypt all data at rest using AES-256.

Hosting Environment

Brazen hosts its platform on Amazon Web Services.

• ISO 27001 certified.
• Independently verified and audited SAS-70 Type II and SSAE16.
• See Amazon AWS Compliance site for more information.

Application Development

Brazen is committed to designing, building, and operating secure systems.

• Our applications are completely developed, tested, deployed, and maintained by a full-time, in-house engineering team.
• We scan our codebase daily to identify potentially insecure code.
• We regularly scan our application to look for OWASP Top 10 vulnerabilities such as injection, cross server scripting (XSS), and cross site request forgery (CSRF).
• We operate a host-based intrusion detection system to detect and warn of system breaches.
• We annually contract a third-party firm to conduct network penetration and application security tests on our platform.
• We obfuscate PII data before transferring data to non-production environments for testing.

Access and Awareness

Brazen vets and trains its employees and subcontractors.

• We perform county, state and nationwide background checks on all employees and subcontractors.
• We operate according to the principle of least privilege, granting only the permissions necessary to perform a job function.
• All employees and subcontractors must attend security training.
• All employees and subcontractors must pass an exam to demonstrate they understand our acceptable use and data security policies before being granted access.