1. Overview
Brandy (“we,” “our,” “us”) takes the security of your brand assets and data seriously. This page outlines the security practices and infrastructure controls we have in place to protect your data.
2. Infrastructure & Hosting
Brandy’s infrastructure is hosted in the United States across trusted cloud providers. These providers maintain rigorous independent security certifications including SOC 1/2, ISO 27001, and PCI DSS Level 1.
3. Data Encryption
All data in transit is encrypted using TLS (Transport Layer Security). Data at rest is protected through the encryption capabilities of our infrastructure providers.
4. Access Control
Access to Brandy’s production systems is restricted to authorized personnel only. We follow the principle of least privilege, ensuring team members only have access to systems required for their role.
5. Payment Security
Brandy does not store payment card data. All payment processing is handled by a PCI DSS Level 1 certified provider.
6. Security Testing
We conduct regular internal security reviews and checks across our application and infrastructure on an ongoing basis.
7. Vulnerability & Incident Response
Brandy maintains an internal incident response process to identify, assess, and remediate security vulnerabilities. In the event of a breach affecting user data, we will notify affected users in a timely manner in accordance with applicable law. To report a vulnerability, contact us at becky@brandyhq.com.
8. Data Processing Agreement (DPA)
We are currently in the process of formalizing our Data Processing Agreement. We will share it with you as soon as it is finalized. In the meantime, we are happy to address any specific data protection questions.
9. Changes to This Page
We may update this Security page from time to time as our practices evolve. Changes will be reflected here with an updated date.
10. Contact
If you have questions about Brandy’s security practices, please email us at becky@brandyhq.com.