Security Architecture Document

All end-user data is processed only by EU companies, and we only use those that have EU data residency.

Encryption

Briced encrypts all data using TLS where possible, making sure encryption is applied to data:

  1. in use (frequently updated information, usually accessed by multiple users within a network).
  2. in flight (data being transferred outside the network).
  3. at rest (static data stored locally on hard drives that is not often accessed or modified and can be thought of as archived). Examples: Client database backups, Clients’ End-User Data backups stored in Client projects.

Data in use, in flight, and at rest is encrypted to the level deemed sufficient under the data protection legislation requirements.

Backup Retention

Backups (of Clients’ End-User Data) are kept for a retention period of a maximum of 3 months, after which they are permanently removed.

Code Quality

Any code changes to Briced are tested with automatic processes and go through manual peer review, to minimize the potential for security issues in the code.

Monitoring

Briced infrastructure is continuously monitored for irregularities to detect any potential abuse.

Isolation

Briced applications and services are built around the concept of logical separation, making sure that all resources that belong to an organization (such as companies or people records) and/or a project within an organization cannot be accessed by users who are not authorized to do so.

Subprocessors

Data of Briced's Clients is processed and/or stored by third-party providers. See “Data Processing Agreement”, “Article 7. Subprocessing” for more details. The following lists all third-party providers that process and/or store Client data:

  1. Hetzner (EU-based company):
    1. GDPR: https://wiki.hetzner.de/index.php/Datenschutz-FAQ

  2. OpenAI (US-based company):
    1. GDPR: https://openai.com/enterprise-privacy/

Disclosing Vulnerabilities

We’re happy to receive reports of any potential security issues from our users. Send an email to hello@briced.com detailing the steps to reproduce the security issue or a proof-of-concept. We handle all security disclosures as well as we can, working together with you where possible.