All end-user data is being processed only by EU companies, and only use those that have EU data residency.
Briced encrypts all data using TLS where possible, making sure encryption is applied to data:
Data in use, in flight, and rest are encrypted according to what is deemed sufficient according the data protection legislation requirements.
Backups (of Clients’ End-User Data) are kept for a retention period of a maximum of 3 months, after which they are permanently removed.
Any code changes to Briced are tested with automatic processes, as well as manual peer reviews of code, to minimize the potential for security issues in the code.
Briced infrastructure is continuously monitored for irregularities to detect any potential abuse.
Briced applications and services are built around the concept of logical separation, making sure that all resources that belong to that organization (such as companies or people records) and/or project within an organization, cannot be accessed by other users that are not authorized to do so.
Data of Briced's Clients is processed and/or stored by third-party providers. See “Data Processing Agreement”, "Article 7. Subprocessing" for more details. The following lists all third-party providers that process and/or store Client data:
We’re happy to receive any potential security issues from our users. Send an email to hello@briced.com detailing the steps to reproduce the security issue or a proof-of-concept. We handle all security disclosures as good as we can, by working together with you where possible.