Security
Privacy
Brazen is committed to protecting personally identifiable information (PII).
- We encrypt all data, both in transit and at rest.
- We do not sell the personal information of our customers to third parties.
- You can find our privacy policy at: www.brazen.com/terms.
Encryption
Brazen uses strong encryption measures to protect data.
- All data is encrypted in transit using HTTPS (TLS 1.2 and higher).
- We only use strong ciphers and message digests.
- We encrypt all data at rest using AES-256.
Hosting Environment
Brazen hosts its platform on Amazon Web Services.
- ISO 27001 certified.
- Independently verified and audited SAS-70 Type II and SSAE16.
- See the Amazon AWS Compliance site for more information.
Application Development
Brazen is committed to designing, building, and operating secure systems.
- Our applications are completely developed, tested, deployed, and maintained by a full-time, in-house engineering team.
- We scan our codebase daily to identify potentially insecure code.
- We regularly scan our application to look for OWASP Top 10 vulnerabilities such as injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- We operate a host-based intrusion detection system to detect and warn of system breaches.
- We annually contract a third-party firm to conduct network penetration and application security tests on our platform.
- We obfuscate PII data before transferring data to non-production environments for testing.
Access and Awareness
Brazen vets and trains its employees and subcontractors.
- We perform county, state and nationwide background checks on all employees and subcontractors.
- We operate according to the principle of least privilege, granting only the permissions necessary to perform a job function.
- All employees and subcontractors must attend security training.
- All employees and subcontractors must pass an exam to demonstrate they understand our acceptable use and data security policies before being granted access.