Security & Compliance

    Protecting your data is fundamental to everything we build. Brizz meets the highest standards of security, privacy, and regulatory compliance.

    Certifications & Compliance

    SOC 2 Type II

    Independently audited controls for security, availability, and confidentiality. Our SOC 2 Type II report validates the operating effectiveness of our controls over time.

    ISO 27001

    Certified information security management system (ISMS) covering risk assessment, access controls, and continuous improvement of our security posture.

    HIPAA

    Compliant with the Health Insurance Portability and Accountability Act. We implement safeguards required for handling protected health information (PHI).

    How We Protect Your Data

    Encryption

    All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Encryption keys are managed through dedicated key management services with automatic rotation.

    Infrastructure Security

    Hosted on enterprise-grade cloud infrastructure with network isolation, intrusion detection, and automated vulnerability scanning. All systems are patched and hardened continuously.

    Access Controls

    Role-based access control (RBAC) with least-privilege principles. Multi-factor authentication is enforced for all internal systems. Access is reviewed quarterly.

    Incident Response

    Documented incident response plan with defined escalation procedures. We conduct regular tabletop exercises and notify affected customers within 72 hours of a confirmed breach.

    Data Retention & Deletion

    Configurable data retention policies. Customer data is permanently deleted upon request or account termination, with cryptographic verification of deletion.

    Privacy Frameworks

    Compliant with GDPR, CCPA, and other regional privacy regulations. We support data subject access requests, data portability, and the right to erasure.

    Questions or Concerns?

    If you have security questions, need our SOC 2 report, or want to report a vulnerability, contact our security team.