Is Brandfolder Secure?
SOC 2 Type 2 compliant
Brandfolder has completed its SOC 2 Type 2 audit for its security and confidentiality controls. This means Brandfolder has established processes and practices against these controls that have been validated by an independent third party.
- Independent third-party examination
- Gold standard security compliance for SaaS
- Strict security and confidentiality procedures in place
Brandfolder enables the right individuals to access the right resources at the right time. It provides a seamless and secure way for your organization to manage your digital assets. Other users can't see your brand assets in your Brandfolders unless you deliberately give them access or make your Brandfolder Public.
- SAML 2.0 SSO
- User management & permissions
- Privacy and Stealth Mode settings
Storage and delivery
The underlying storage architecture behind Brandfolder is powered by best in breed
cloud service providers. Brandfolder supports both Google Cloud Storage (GCS) and Amazon
Web Services (AWS) S3 for cloud storage.
Brandfolder redundantly stores all data on multiple devices across three Availability Zones.
All PUT and COPY operations for objects are synchronously stored across all Availability Zones
before confirming that the data has been successfully stored, thus ensuring fault-tolerance.
Once stored, we are regularly verified of the integrity of stored data using checksums. If
corruption is detected, it is repaired using redundant data. By using GCS and S3, Brandfolder
is able to effectively provide 99.999999999% durability and 99.99% availability of objects
over a given year.
Brandfolder's PostgreSQL database deployment is always up-to-date through
automatic updates using the latest patches. Automated backups of all transaction logs
and the database enable point-in-time recovery for all of Brandfolder’s customers.
Brandfolder’s database instance is set to run as a multi-region, Multi-Availability Zone
deployment with a disaster recovery replica. This means that it will automatically provision
and manage a “standby” replica in a different Availability Zone (independent infrastructure
in a physically separate location). Database updates are made concurrently on the
primary and standby resources to prevent replication lag. In the event of planned
database maintenance, database instance failure, or an Availability Zone failure, we will
automatically failover to the up-to-date standby so that database operations can resume
quickly without administrative intervention. Brandfolder maintains snapshots and streaming
logs for instantaneous recovery in the event of global compute disaster.
- GCS or AWS S3 Storage with a 99.99% uptime
- Globally distributed Content Delivery Network (CDN)
- Content ingestion network with lightning fast upload speeds
- Global storage locations in the US, Asia, Europe, and others
- Custom storage solutions for enterprise clients
Assets are encrypted at rest using server-side AES 256 encryption algorithm. We salt and hash user passwords using 10 rounds of Bcrypt. Data traveling between a customer device and Brandfolder is secured with SHA-256 with RSA signed certificates and encrypted using HTTPS/TLS to protect
against eavesdropping, tampering, and message forgery. Brandfolder only accepts traffic from 2 whitelisted ports, and has built-in intrusion detection instrumented with monitoring and alerts.This ensures the integrity of all transmitted information in and out of the Brandfolder technology stack.
Risk assessment and controls
Brandfolder IT reviews and regularly updates IT vulnerabilities, controls, and risk impacts. The assessment evaluates security vulnerabilities affecting confidentiality, integrity, and availability. Appropriate security safeguards are recommended, permitting management to make knowledge-based decisions about security-related initiatives.
Durability & back-ups
By leveraging Amazon Web Services (AWS) and Google Cloud (GCP), Brandfolder offers best in breed online and physical security measures, 99.999999999% durability and 99.99% availability of objects over a given year. Brandfolder ensures streaming replication backups so that no changes or updates are lost in the event of a disaster.
Cloud storage providers provide state of the art data center security, including around the clock staffing, video surveillance and intrusion detection systems. Authorized access is granted on a need to know basis. In the Brandfolder office, all workstations are regularly updated and monitored for malware protection. All administrative interfaces are accessed through key-card and/or 2FA user authentication.
Security and ownership
Your data is yours, and yours only. Brandfolder will protect your data from internal and external threats, making it the safest home for all of your important brand assets. We leverage built-in intrusion detection, advanced monitoring and alerts systems, encryption in transit and more measures to ensure data security.
- Regular security audits and pen testing
- Business continuity and disaster recovery procedures
- Internal and external data security
Reach out to Brandfolder Support at firstname.lastname@example.org to receive more security documentation or audit reports.