BriteBiz Data Security Statement
BriteBiz is dedicated to delivering a best-in-class Business Management and CRM Platform tailored for small businesses, events companies & professionals. In alignment with this commitment, BriteBiz has formulated information security risk management policies to ensure the confidentiality, integrity, and availability of data uploaded to all BriteBiz services.
This Data Security Statement outlines some of the security controls implemented by BriteBiz in accordance with these policies. Please note that this Statement pertains specifically to BriteBiz services and may not cover other services provided by BriteBiz or publicly accessible websites.
General Cloud Security - BriteBiz is a cloud-based operating system. In general, cloud computing services are multiple times more reliable than on-site software systems. When software is hosted locally, there are constant risks of hardware or software failure, as well as unexpected events such as theft, fire or damage. With a cloud service, your information is always safe and can be accessed at any time, from any place, from any device.
Infrastructure: Data submitted to BriteBiz services is stored with our third-party infrastructure service providers (AWS - Data Center Providers) in multiple locations, ensuring automated and regularly scheduled multi-region backups. Our Data Center Providers are considered the Global Best-in-Class. Infrastructure configuration information is maintained separately. On top of this, we backup our database daily, over a rolling 30 days. So at any given time, there are 30 copies of your data stored, in more than one location.
Security Controls: Access to our Data Center Providers (AWS) facilities is restricted to authorized personnel, secured by access control.
Vendor Risk Management: Our Data Center Providers (AWS) undergo Service Organization Controls (SOC) 2 Type II audits. These third parties are contractually bound to uphold the confidentiality of data as permitted by applicable law.
PCI Compliance: BriteBiz acts as a payment gateway through our service BritePay. All payments are handled through third-party payment platforms that we integrate with such as Stripe and Authorize.net. We do not process payments and we do not hold or store any credit card numbers. We only integrate with payment providers that have validated PCI level-one compliance. If using a payment provider with BriteBiz, you should check with them directly for a copy of their PCI Compliance.
BriteBiz's Data Security Controls:
Technical/Administrative Security Controls:
BriteBiz employs industry best practices such as HTTPS hosting and firewall protection to ensure the security of customer data. There is full firewall protection for external points of connectivity.
End-to-end encryption using Transport Layer Security (TLS) protocol version 1.2 or higher.
Regular scanning/monitoring for vulnerabilities.
MFA for login protection.
BriteBiz follows OWASP best practices for secure development.
Patching of software expeditiously.
Logging and active monitoring of network and database activity.
Limited physical and logical access to IT systems processing data.
BriteBiz internally adheres to GDPR requirements for individual customer responsibility in deleting outdated records.
Data Encryption Security
You are responsible for all your own onsite data protection and the security of your own software and hardware. We do not have ownership of your local hardware and software.
We take a very proactive approach to data encryption on the BriteBiz platform. Alongside the regular 30-day data backups detailed above, we implement the principle of "least privilege" wherever possible. This means that systems and staff only have access to the data required to fulfill a specific task or role. This is done to offset the risk of security or data breaches. We are continuously working on and improving these measures, as keeping our customers' data safe is paramount to our business.
Data Privacy Policy
Details of our Data Privacy Policy (data collection and processing) Here.
2FA Process
Enhance security with BriteBiz 2-Factor Authentication (2FA) Here.
Data Protection Officer: BriteBiz has appointed a Data Protection Officer.
For any further details email hello@BriteBiz.com - subject "FAO Data Protection Officer".
Local Data Backup SOP: To mitigate the loss of short-term data access for events, we recommend that every member have a local data backup plan. We recommend using our Reports >> Booking feature to output perhaps 2 weeks of events on, perhaps, the first Monday of every week. Decisions on what this SOP should output, and how frequently, should be made by local management.
BriteBiz Malware Attack Response & Data Protection Policy
1. Hosting & Infrastructure
BriteBiz is hosted on Amazon Web Services (AWS)—a platform that meets the highest standards for data security, availability, and redundancy. All client data is stored securely using:
Encrypted storage
AWS-native firewalls and threat detection tools
High-availability architecture across multiple availability zones
2. Backup & Recovery Strategy
BriteBiz maintains a 30-day rolling backup system, with:
30 distinct database backup copies, distributed across multiple physical servers
Backups taken at regular intervals daily and stored with version history
Encrypted backups are inaccessible to external or unauthorized users
In the event of a ransomware or encryption-based malware attack:
Backups remain unaffected due to physical and logical separation from live servers
Systems can be restored within hours, depending on the size and scope of the recovery
Customers would regain access to their data in its latest clean state, with as little disruption as possible
3. Malware Attack Response Protocol
If a malware encryption attack is detected:
Immediate Isolation
Infected servers and services are taken offline and segmented.
Threat Analysis & Containment
Our engineering team would use AWS security tools to trace the entry point and prevent lateral spread.
Rollback to Clean Backup
Services are restored from a clean, pre-attack backup copy, with verification and integrity checks.
Client Communication
Customers are notified of:
Incident status
Estimated recovery time
Confirmation of data integrity
Audit & Prevention
Post-incident analysis is performed, including:
Reviewing logs
Patching vulnerabilities
Enhancing protections
4. Customer Access During Recovery
In case of platform downtime due to an incident:
BriteBiz prioritizes read-only access to previously backed-up customer data
Communication channels remain open via support@britebiz.com
5. Why This Matters to You
BriteBiz understands that trust, continuity, and data protection are critical in your business and in the wedding and events industry. That’s why we’ve invested in:
The highest standards of secure infrastructure
The highest guidelines for redundant backups
Transparent communication
A rapid response process
Our goal is zero data loss, minimal downtime, and complete client confidence—even in the face of cyber threats.
Revision Effective 14th May 2025