Security at Brixor
Your data is protected by industry-standard encryption, SOC 2 Type II certification, and rigorous security controls at every layer of our infrastructure.
Security Architecture
Multiple layers of protection ensure your business data is always safe and only accessible by you.
Encryption
- At rest: AES-256 encryption for all database records
- In transit: TLS 1.3 for all connections
- API keys: SHA-256 hashed before storage
- Passwords: bcrypt with cost factor 12
Authentication
- Session tokens: Signed JWTs with short expiry
- OAuth 2.0: Google OAuth for passwordless sign-in
- API auth: Bearer token with timing-safe comparison
- Key rotation: Revoke and rotate keys anytime
Infrastructure
- Hosting: Vercel Edge Network (global CDN)
- Database: Neon PostgreSQL with automatic backups
- Uptime: 99.9% SLA with redundant systems
- Data residency: US data centers
Payments
- Processor: Stripe (PCI DSS Level 1 certified)
- Card data: We never store card numbers or CVVs
- Tokenization: Stripe handles all payment tokenization
- Fraud detection: Stripe Radar ML-based fraud prevention
Access Control
- RBAC: Role-based access controls per resource
- Row-level security: Database enforces user data isolation
- Internal access: Minimal-privilege access for engineers
- Audit logs: All admin actions are logged and reviewed
API Security
- Rate limiting: 60 req/min free, 300 req/min premium
- Key hashing: SHA-256 — raw keys never stored
- Timing safety: Constant-time comparison prevents timing attacks
- HTTPS only: All API endpoints require TLS 1.3
Compliance & Certifications
We undergo rigorous third-party audits and maintain compliance with industry standards.
SOC 2 Type II
Annual third-party security audit verifying our controls
GDPR
EU General Data Protection Regulation compliant
CCPA
California Consumer Privacy Act compliant
PCI DSS
Payment Card Industry compliance via Stripe Level 1
Penetration Testing
Brixor undergoes annual penetration testing conducted by independent third-party security firms. Findings are triaged and remediated before results are published internally. Critical vulnerabilities are patched within 24 hours.
Automated Backups
Neon PostgreSQL performs automated continuous backups with point-in-time recovery. Backups are retained for 30 days. In the event of data loss, we can restore to any point within that window with near-zero data loss.
Incident Response
We maintain a documented incident response plan. In the event of a data breach affecting your personal data, we will notify affected users within 72 hours in compliance with GDPR and applicable US state laws.
Data Residency
All Brixor data is stored in US-based data centers operated by our infrastructure providers (Vercel, Neon, Supabase). We use Standard Contractual Clauses (SCCs) for data transfers involving EU/EEA users.
Vulnerability Disclosure Program
If you discover a security vulnerability in Brixor, we want to know about it. Please report it responsibly and we will work with you to resolve it promptly. We do not take legal action against researchers who follow responsible disclosure.