At BrandSSL, security is our absolute highest priority. In the spirit of openness and transparency, here are some of the security measures we take to protect and defend the BrandSSL platform.
We protect your data
All data is written to multiple disks instantly, backed up daily, and stored in multiple locations.
Your users’ data never leaves our servers
We distinguish between data about your users and data about you, yourself. While, for example, your billing information is shared with Stripe, and your profile is accessible to us in our help desk software, any data about your users such as their vanity custom domain name are never shared with any external providers, and never leaves our server cluster.
We don’t collect or store any traffic information
When BrandSSL is setup, only information regarding the SSL certificate of a vanity domain name is saved. This information is used for renewing and re-issuance of SSL certificates
Encrypting data in transit
Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS. Cookies are also set with a secure flag.
Hosted on Google Cloud Platform
BrandSSL is hosted on Google Cloud Platform. Our database is managed by Google Cloud SQL, ensuring redundancy, high availability and trustworthy automated, encrypted backups.
Google Cloud Platform is certified for a growing number of compliance standards and controls, and undergoes several independent third party audits to test for data safety, privacy, and security. Read more about the specific certifications on the GCP compliance page.
Organizational practices
- We operate under the principle of least privilege: Employees are assigned the lowest level of access that allows them to do their work.
- Two-factor authentication is enforced in all sensitive systems.
- All employees are required to use approved password managers (like Lastpass or 1Password) to generate and store strong passwords that are never reused.
- All employees are required to encrypt local hard drives and enable screen locking for device security.
- All access to application admin functionalities is restricted to a small subset of BrandSSL staff.
- We never store customer data on personal devices (like laptops).
Organizational practices
- All code changes are thoroughly tested through our Continuous Integration software.
- All code changes is tested in a staging environment before deploying to production.
- We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues. We are aggressive about applying patches and deploying quickly.
- We use several tools and services to automatically monitor uptime and site availability. Key employees receive automatic email and SMS notifications in the case of downtime or emergencies.
- Logs are permanently deleted after 14 days.
Penetration testing
On top of our development-related continuous testing, we also conduct periodic third-party manual penetration testing of both our application and infrastructure.
Regularly-updated infrastructure
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.
We protect your billing information
All credit card transactions are processed via Stripe using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.
Have a concern? Need to report an incident?
Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Send urgent or sensitive reports directly to security@brandssl.io . We’ll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. For requests that aren’t urgent or sensitive: submit a support request to hello@brandssl.io .
Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.