Security

Security is our top priority. Every process is designed to meet industry best-practice standards and compliance requirements. Brainyhr.io stores your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Where is my data stored?

Brainyhr.io uses Amazon Web Services (AWS). Data is stored in the AWS Frankfurt region in Germany, so no data is transferred outside the EU, which helps you meet European regulatory requirements. The data centres are physically secured by trained and audited security staff around the clock, 365 days a year (see AWS Security Best Practices).

Application / Server Security: Vulnerability Prevention and Detection

The application includes a number of vulnerability prevention measures, applied at different stages of the development process:

  1. Secure application and code design and development practices
  2. Role-based access control (RBAC) restricting access to areas of the platform according to application-level roles
  3. Strong session identifier validation designed to prevent hijacking of existing sessions and similar attacks
  4. Session key/token management
    • Encryption keys are rotated periodically wherever encryption is deployed
    • Keys are deleted when they are no longer needed to perform a function
  5. All data inputs and outputs are validated and filtered to protect users and databases from cross-site scripting (XSS) and other injection attacks
  6. Encrypted credentials for all database connections; the database does not accept connections from external sources
  7. SQL injection prevention through the database abstraction layer, which sanitises the values developers include in their queries so that user input is never interpreted as SQL
  8. Complete exception handling throughout the code base, with logging and review where required, covering all layers of the stack (encryption, authentication, user access, API method calls, etc.)
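The input/output filtering and SQL injection prevention measures listed above, shown in concrete form. This is an added example written for this page, not Brainyhr.io code, and it assumes nothing about the product's actual stack: it uses only the Python standard library (sqlite3 and html) with a constructed in-memory employee table. The vulnerable function pastes the caller's string into the SQL text; the hardened one uses a parameterised query, which is the usual way a database abstraction layer keeps user input out of the query (an assumption about implementation, not a statement about the product). The last function shows output encoding, so a hostile value stored in the database renders as text instead of executing in a browser.

```python
# Added example for this page, not Brainyhr.io code. Demonstrates SQL injection
# prevention (parameterised query beside the vulnerable string-built query) and
# output encoding against stored XSS. All data below is constructed.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed employees table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employees (name, dept, salary) VALUES (?, ?, ?)",
        [
            ("Alice", "engineering", 120000),
            ("Bob", "engineering", 95000),
            # A hostile display name a user could enter; stored as-is, must be escaped on output.
            ("<script>alert(1)</script>", "sales", 70000),
        ],
    )
    return conn


def find_by_dept_vulnerable(conn: sqlite3.Connection, dept: str) -> list:
    """BEFORE: the caller's string becomes part of the SQL text, so a value such as
    "engineering' OR '1'='1" rewrites the WHERE clause and returns every row."""
    query = f"SELECT name, salary FROM employees WHERE dept = '{dept}' ORDER BY id"
    return conn.execute(query).fetchall()


def find_by_dept_safe(conn: sqlite3.Connection, dept: str) -> list:
    """AFTER: parameterised query. The driver binds `dept` as a value, so quotes
    and keywords inside it are compared literally and never parsed as SQL."""
    query = "SELECT name, salary FROM employees WHERE dept = ? ORDER BY id"
    return conn.execute(query, (dept,)).fetchall()


def render_names(rows: list) -> str:
    """Output filtering: HTML-escape stored values before placing them in a page,
    so a stored name like <script>... is shown as text rather than executed."""
    return "".join(f"<li>{html.escape(name)}</li>" for name, _salary in rows)


if __name__ == "__main__":
    db = make_db()
    payload = "engineering' OR '1'='1"
    print("vulnerable:", find_by_dept_vulnerable(db, payload))  # all three rows leak
    print("safe:      ", find_by_dept_safe(db, payload))        # no such department: []
    print(render_names(find_by_dept_safe(db, "sales")))
```

The injected payload only changes the result in the vulnerable version; with binding, the same string is treated as a department name that does not exist. Escaping at output time (rather than only at input time) is what protects a page when a hostile value has already reached the database by some other path.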

Who owns your data?

The main company account owns your data. We provide security functionality to protect it, and we do not share any data with other organisations. Sensitive data, such as passwords, is encrypted with an individual AES-256 key per customer. If you would like your data wiped, send us a request and it will be removed, no questions asked.

Is the transfer of my data secure?

Brainacts.io uses only secured connections for data transfer. Data in transit is protected with TLS 1.3.

Is my data backed up?

Your data is backed up daily, and backups are stored in encrypted form.

How is security being tested?

Third-party security experts regularly test our system for known vulnerabilities. Security patches take priority over new feature work.