Data Protection & Security at Brightfin

At Brightfin, safeguarding your data is paramount. Our platform is designed with a contemporary cloud-based architecture, leveraging industry-standard technologies and services to uphold enterprise-grade reliability, security, and privacy for our esteemed customers.


Backup Assurance

Daily encrypted backups, both in transit and at rest, are diligently executed and routinely tested. Backups are securely stored “off-site” in Amazon S3 across multiple highly available physical devices.

Recovery Strategies

Annual reviews of Business Impact Analysis (BIA) and Business Continuity Plan (BCP) ensure well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

Incident Management & Responses

A 6-step incident response approach guides our consistent responses: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. We put an emphasis on blameless post-mortem analysis for continual improvement.

Secure Data Centers

Hosted in the United States, our customer center resides in AWS’s us-east-1 regions across multiple availability zones (a through f).

Continuous Infrastructure & Network Security Monitoring

A 24/7/365 Security Operations Center (SOC) ensures continuous monitoring for vulnerabilities. Network controls are maintained through a dedicated Virtual Private Cloud (VPC) within AWS, with Intrusion Detection Systems (IDS) for proactive alerting.

Vulnerability and Patch Management

Regular scanning for vulnerabilities, automated patching schedules, and prioritized handling of critical patches.

DDoS Mitigation

Distributed Denial of Service mitigation is provided via AWS Shield.

Application Security

Security “baked” into products, processes, and personnel with annual training on secure coding for developers. Static and dynamic security scans integrated into development and QA processes.

Third-Party Penetration Testing

Annual tests conducted with external penetration testing vendors, with remediation of findings.

Encryption Protocols

Encryption at rest for stored data, session cookies, and backups. Robust encryption in transit using TLS 1.2 / HTTPS and the option to add a secure IPSEC tunnel.


Authentication and Access Controls

Integration with Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions for secure user authentication.

Role-Based Access Control

Administrators can set user roles according to the principle of least privilege.

Compliance & Certifications

Commitment to meeting and exceeding industry compliance standards with annual audits.

GDPR Compliance

Compliant with the General Data Protection Regulation (GDPR) since its inception in May 2018.

Corporate Security Practices

Employees undergo annual general security and data privacy training.

Information Security Policies & Procedures

Adherence to ISO 27001 framework for policies and procedures.

Office & Endpoint Security

Secured offices with keycard access, 24/7 monitoring, and redundancy. Employee laptops equipped with encryption, antivirus, and advanced malware detection.

Business Continuity

Built-in cloud-based continuity, enabling seamless operations globally.

Background Checks

All new hires undergo background checks, ensuring a secure work environment.

Brightfin is steadfast in its commitment to delivering a secure and reliable platform, continuously evolving to meet the highest standards of data protection and security.