Data Security

Data security is paramount to our service. Read more here.

Written by Edward Cooper
Updated over a week ago

BriteBiz Data Security Statement

Effective on: 16 July 2023

BriteBiz is dedicated to delivering a best-in-class Business Management and CRM Platform tailored for small businesses, events companies & professionals. In alignment with this commitment, BriteBiz has formulated information security risk management policies aimed at ensuring the confidentiality, integrity, and availability of the data uploaded to all BriteBiz services.

This Data Security Statement outlines some of the security controls implemented by BriteBiz in accordance with these policies. Please note that this Statement pertains specifically to BriteBiz services and may not cover other services provided by BriteBiz or publicly accessible websites.

General Cloud Security - BriteBiz is a cloud-based operating system. In general, cloud computing services are multiple times more reliable than on-site software systems. When software is hosted locally, there are constant risks of hardware or software failure as well as unexpected events such as theft, fire or damage. With a cloud service, your information is always safe and can be accessed at any time, from any place, from any device.

Infrastructure: Data submitted to BriteBiz services is stored with our third-party infrastructure service providers (AWS - Data Center Providers) in multiple locations, ensuring automated and regularly scheduled multi-region backups. Our Data Center Providers are considered the Global Best-in-Class. Infrastructure configuration information is maintained separately. On top of this, we back up our database daily, over a rolling 30 days. So at any given time, there are 30 copies of your data stored, in more than one location.

Security Controls: Access to our Data Center Providers (AWS) facilities is restricted to authorized personnel, secured by access control.

Vendor Risk Management: Our Data Center Providers (AWS) undergo Service Organization Controls (SOC) 2 Type II audits. These third parties are contractually bound to uphold the confidentiality of data as permitted by applicable law.

PCI Compliance: BriteBiz acts as a payment gateway through our service BritePay. All payments are handled through third-party payment platforms that we integrate with such as Stripe and Authorize.net. We do not process payments and we do not hold or store any credit card numbers. We only integrate with payment providers that have validated PCI level-one compliance. If using a payment provider with BriteBiz, you should check with them directly for a copy of their PCI Compliance.

BriteBiz's Data Security Controls:

Technical/Administrative Security Controls:

  • BriteBiz employs industry best practices such as HTTPS hosting and firewall protection to ensure the security of customer data. There is full firewall protection for external points of connectivity.

  • End-to-end encryption using Transport Layer Security (TLS) protocol version 1.2 or higher.

  • Regular scanning/monitoring for vulnerabilities.

  • MFA for login protection.

  • BriteBiz follows OWASP best practices for secure development.

  • Expeditious patching of software.

  • Logging and active monitoring of network and database activity.

  • Limited physical and logical access to IT systems processing data.

  • BriteBiz internally adheres to GDPR requirements for individual customer responsibility in deleting outdated records.

Data Protection Officer: BriteBiz has appointed a Data Protection Officer.

For any further details email hello@BriteBiz.com.
