Brandkit Security Policy
A summary of Brandkit’s security policy and various arrangements
We protect your data.
All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on AWS cloud servers that use modern techniques to remove bottlenecks and points of failure.
Your files and data are encrypted using HTTPS.
Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS. Within our fire-walled private networks, data may be transferred unencrypted.
Any files which you upload to us are stored and are encrypted at rest using the SHA-256 standard. Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.
Your files are stored at these locations
We store your files and database records in three prime storage regions: USA, UK and Australia.
We use AWS storage regions located in Virginia (USA), Sydney (Australia), and London (UK). We use Fly.io datacentres in Virginia (USA), London (UK) and Sydney (Australia). Generally, your files are stored in the datacentre nearest to you. For example, if your organisation is based in the UK, your files will be stored in the London datacentre.
All files are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.
Your metadata and database records are stored at the same location as your files, and then replicated in multiple regions
Metadata (data about your files) and other database records such as user data, transaction date, audit trails, etc., are stored in each storage region and replicated globally across Brandkit’s other storage regions, for high performance and low latency across the globe. For example, a UK customer uploads files, which generates metadata and other data. This is stored in a database server in the UK but replicated to other Brandkit servers in the US and Australia. When visiting the UK customer’s Brandkit, a user in New Zealand will access the site and metadata from Brandkit’s Australian servers, providing lower latency and better performance for the New Zealand user.
Your uploaded original files however are not replicated nor stored in other regions, thereby supporting data sovereignty requirements for some customers.
Thumbnails and proxies are generated, stored at these locations, and cached globally across 450+ points of presence.
Thumbnails or proxy images used for visual search grids and asset proxies are generated from your uploaded files and distributed via AWS’s CloudFront CDN (Content Delivery Network) service. This is a globally distributed cache of images with 450+ global points of presence.
Full redundancy for all major systems.
The AWS cloud servers we use — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Those systems are engineered to stay up even if multiple servers fail.
You can trust our people
All our employees and contractors (workers) sign confidentiality agreements before gaining access to our code and data. Background checks aren’t performed on our workers.
Everybody at Brandkit is trained and made aware of security concerns and best practices for their systems. Remote access to servers uses two-factor authentication and is limited to workers who need access for their day-to-day work. We log all access to all accounts.
We use sophisticated physical security provided by AWS
Amazon Web Services (AWS) is the largest and most trusted cloud infrastructure provider on the planet. The AWS services we use are state-of-the-art servers and data-centres, and are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring.
Only authorised AWS personnel have access to AWS data-centres. 24/7/365 onsite staff provide additional protection against unauthorised entry and security breaches.
Our personnel (employees and contractors) never visit or enter AWS data-centres and cannot access physical servers or storage.
Regularly-updated infrastructure.
Our software infrastructure is updated regularly with the latest security patches.
We protect your billing information.
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely via our 3rd party provider Stripe, on a PCI-Compliant network.
Constant monitoring
We have monitoring tools we’ve set up to alert us to any nefarious activity against our domains and exception reporting on system performance. To date, we’ve never had a data breach.
We have an internally built system that monitors and automatically blocks suspicious users for suspicious activity. We also have alerts in place for excessive resource use that escalate to our support team for manual investigation.
We have processes and defences in place to protect your data. But in the unfortunate circumstance that someone malicious does successfully mount an attack, we will immediately notify all affected customers.
Data deletion when closing your account
All your content and data will be inaccessible on the cancellation date. After 30 days, all your files/data/content will be permanently deleted from our servers and databases. This information cannot be recovered once it has been permanently deleted.
Incident management and disaster recovery
We perform hourly backups of all databases, and files are backed up automatically after they are uploaded. We have procedures for responding to incidents. In the event of an incident, we will contact each account owner as soon as we are able to.
Over 25 years in business.
We’ve been around the block and we’ve seen a lot of companies come and go. Security isn’t just about technology, it’s about trust, and we’ve been trusted by hundreds of brands since 1997. We’ve worked hard to earn that trust and we’ll continue to work hard every day to maintain that trust.
Longevity, sustainability and stability are core to our mission at Brandkit.