Audit Logging
Real-Time Tracking
All user and system activity is tracked in real time across all Buildrbrand platforms.
12+ Month Retention
Audit logs are securely retained for over 12 months, supporting compliance, incident analysis, and internal governance.
Exportable Logs
Logs can be exported in standard formats (CSV, JSON) for audits, legal requests, integrations, and reporting workflows.
Compliance
CCPA
GDPR
Buildrbrand is GDPR compliant. Organizations in the EU or who employ EU-based individuals can rest assured that Buildrbrand is handling their personal information in compliance with the latest EU laws.
SOC 2
Auditor Linford & Co
Infrastructure
Status Monitoring
BuildrCloud
BuildrCloud is Buildrbrand’s internal infrastructure platform powering every deployment. Projects are provisioned on hardened AWS environments, and all orchestration, deployment control, and environment isolation is managed through our proprietary BuildrCloud layer — ensuring fast iteration, secure handling, and scalable delivery by default.
Anti-DDoS
This is enabled as part of Brute's content delivery network and web application firewall services.
BC/DR
There are documented business continuity and disaster recovery plans in place.
Infrastructure Security
Infrastructure security is a shared responsibility between Brute and BuildrCloud, powered by enterprise grade protocols.
Seperate Production Environment
Customer data is stored in production environments.
Self-Assessments
CAIQ Lite
SIG Lite
VSA Core
AI
Asset Governance
The use of AI is governed by the Buildrbrand AI Use Policy.
AI Security
Buildrbrand developers must ensure that they protect data privacy and security when using AI. The use of AI tools and applications must comply with the Company’s data privacy and data security policies.
AI Third Party Contracts and Diligence
AI vendors utilized by Buildrbrand must adhere to industry standard information security best practices including but not limited to SOC2 Type II attestation to validate data protection, access, and data retention.
AI Training Data and Bias
Customer data is not included in training data or used to improve the LLM model.
AI Usage Training
The usage of AI features within Buildrbrand is opt-in only.
Responsible AI Statement
Buildrbrand promoted the use of AI in a way that promotes fairness, accountability, and transparency while complying with all applicable laws, regulations, and ethical standards.
Corporate Security
Asset Management Practices
Asset inventory is maintained and updated regularly.
Email Protection
Email protections are in place to report phishing, scan and quarantine suspicious contents, malicious domains and attachments.
Employee Training
Security is a company-wide core. All employees complete a bi-annual security training program and employ best practices when handling customer data.
HR Security
Employees and contingent workers require the completion of an onboarding checklist including training, provisioned company assets and accounts, and acknowledgement of policies after completing formal interviews as well as background checks.
Incident Response
A security incident response plan is in place and table top sessions are conducted.
Internal Assessments
Buildrbrand employs staff responsible for reviewing, updating, testing and maintaining our security and privacy policies. A formal, comprehensive risk assessment is conducted at least once a year. The results are reviewed by management and tracked accordingly.
Internal SSO
Internal SSO and MFA are required for access to any Buildrbrand system.
Penetration Testing
Penetration testing is conducted annually and findings are remediated or accepted according to internal guidelines.
Security Operations Center
Security personnel is on call 24/7 via rotation and alerted according to activities detected.
Data Security
Access Monitoring
We review permissions and user roles regularly to uphold the principle of least privilege across all environments.
Daily Backups
Production data is backed up daily with availability zone redundancy and retained for a minimum of 14 days.
Data Retention & Erasure
All customer data is permanently deleted 180 days after contract expiration, unless otherwise requested via DPA or contractual terms.
Encryption at Rest
All stored data is encrypted using 256-bit AES encryption, leveraging native capabilities in AWS and BuildrCloud infrastructure.
Encryption in Transit
All data in transit is secured using TLS 1.2+ encryption protocols, meeting or exceeding bank-level standards.
Regional Data Control
Clients can select their preferred data region—US or EU—during onboarding to meet regulatory and operational requirements.
Physical Security
All hosting and infrastructure-level protection is managed by AWS or BuildrCloud-certified environments, ensuring physical safeguards at the data center level.
Risk Profile
Data Access Level
As a SaaS vendor selling to an enterprise customer, what type of data do you need access to?
Impact Level
What is the potential impact to your enterprise customer if the data and/or functionality you, as the vendor, are supposed to manage, is compromised?
Recovery Time Objective
What is your recovery time objective in case of critical failure?
Recovery Point Objective
What is your recovery point objective in case of critical failure?
Critical Dependence
Will your product be a system that your enterprise customer critically depends on?
Third Party Dependence
Are you also using other third-party services to manage or support your customers?
Hosting
Are you hosted only on one of the major cloud providers or do you have any on-premise systems?
Legal
Data Processing Agreement
https://www.buildrbrand.com/privacy/data-processing-addendum
Data Subject Requests
Individuals will navigate to the following link to exercise their data subject rights :
Privacy Policy
Service-Level Agreement
Buildrbrand’s SDLC includes the following controls:
• Formal change control process for all deployments
• Mandatory peer code reviews
• Pre-release testing in isolated environments
• Role-based deployment permissions to restrict production access
Terms of Service
We perform ongoing internal and third-party vulnerability scans across our infrastructure. Issues are triaged by severity using industry-standard CVSS scoring, and prioritized for immediate remediation based on impact.
Product Security
Audit Logging
User activities within Buildrbrand platforms are available in audit logs. Please see https://www.help.buildrbrand.com/articles/auidit-review-cycles
Data Security
Customer data is stored in the United States. Standard Contractual Clauses (SCC) are utilized to cover regulatory requirements for European customers
Integrations
BuildrCloud Optimized infrastructure, fully managed by us. Blazing-fast, secure, and tuned for every product we build. Your app lives in a performance-focused cloud—without the overhead.
AWS / GCP / Azure Deploy directly to your preferred cloud, while leveraging Buildrbrand’s orchestration, monitoring, and scaling tools.
Hybrid & Multi-Cloud Ready Enterprise-grade routing, backup, and sync across environments. Buildrbrand adapts to your cloud strategy—not the other way around.
Multi-Factor Authentication
MFA is supported through SSO.
Role-Based Access Control
Buildrbrand Admins can create granular custom roles for their users.
Service Level Agreement
Please see this page for our Enterprise Service Level Agreement.
SSO Support
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Endpoint Security
Disk Encryption
All employee computers utilize full disk encryption.
DNS Filtering
Malicious websites are filtered by a solution.
Endpoint Detection & Response
Employee computers are protected with an anti-malware/anti-virus and EDR solution.
Mobile Device Management
Employee computers are centrally managed and secured using an MDM solution.
Threat Detection
Brute continuously monitors infrastructure activity across all environments using real-time cloud logs, behavioral analytics, and custom threat intelligence pipelines. Unlike third-party solutions, Brute is deeply integrated with each application stack — allowing it to correlate code-level events, misconfigurations, and workload anomalies with critical asset locations. This enables rapid identification of meaningful threats, prioritized response, and zero-noise alerting — with 24×7 automated coverage and human override when required.
Network Security
Firewall
Firewalls are implemented on company devices as well as for our web applications.
IDS/IPS
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are used to monitor and prevent unauthorized access.
Security Information and Event Management
A SIEM is utilized to log and alert on predefined rules for triaging security events.
Virtual Private Cloud
BuildrCloud deploys every system inside isolated private environments designed for secure, scalable infrastructure. Each deployment is segmented to protect workloads and enforce strict access boundaries.
Wireless Security
Corporate wireless networks are secured using strong encryption at physical office locations.
App Security
Responsible Disclosure
Security is a core part of how Buildrbrand operates. If you believe you’ve discovered a potential vulnerability, we appreciate your help in disclosing it responsibly.
Please email us at security@buildrbrand.com and we’ll acknowledge your report within five business days.
We ask that you:
• Provide us with reasonable time to investigate and resolve the issue before public or third-party disclosure.
• We aim to fix critical vulnerabilities within 1 hour. Make a good-faith effort to avoid impacting platform stability, privacy, or user data.
• Only test against domains you own or have explicit permission to evaluate.
The following activities are strictly prohibited during testing:
• Denial of Service (DDoS)
• Phishing, spamming, or social engineering attacks
• Attacks on Buildrbrand’s physical infrastructure or personnel
Code Analysis
All code undergoes automated static analysis to detect and remediate vulnerabilities before production deployment.
Credential & Key Management
Encryption keys and sensitive secrets are securely managed using AWS Key Management Service (KMS) and rotated regularly.
Software Development Lifecycle (SDLC)
Buildrbrand’s SDLC includes the following controls:
• Formal change control process for all deployments
• Mandatory peer code reviews
• Pre-release testing in isolated environments
• Role-based deployment permissions to restrict production access
Vulnerability & Patch Management
We perform ongoing internal and third-party vulnerability scans across our infrastructure. Issues are triaged by severity using industry-standard CVSS scoring, and prioritized for immediate remediation based on impact.
MFA
MFA Required
All Buildrbrand users are required to enable MFA for platform access.
TOTP Support
Compatible with leading authenticator apps like Google Authenticator, Authy, and 1Password.
MFA Enforcement
MFA is enforced not just at login, but also for sensitive actions such as permission changes, payouts, or admin-level operations.
Phishing Protection
By requiring a second factor, MFA significantly reduces risks of unauthorized access from compromised passwords.
Policies
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Business Continuity/Disaster Recovery (BC/DR) Policy
Code of Conduct
Data Classification Policy
Data Security Policy
Encryption Policy
Incidence Response Policy
Information Security Policy
Other Policies
Please follow up with your Relationship Manager if you have additional requests or questions pertaining to policies.
Password Policy
Physical Security Policy
Risk Assessment/Management Policy
Software Development Lifecycle Policy
Vulnerability Management Policy
Overview
Overview
At Buildrbrand, trust is engineered into every layer.
We power platforms for high-growth startups, enterprise clients, and creators — which means safeguarding your data isn’t optional, it’s foundational. Buildrbrand adheres to industry-best security practices, undergoes regular audits and vulnerability testing, and encrypts all sensitive information both at rest and in transit. Your infrastructure runs on our infrastructure — and we treat that responsibility with absolute seriousness.
Buildrbrand is a full-stack development and design platform that helps companies launch, scale, and manage powerful software products. From eCommerce systems to high-performance fintech tools and AI platforms, Buildrbrand unites elite engineering with polished, conversion-optimized design — all delivered with speed, precision, and security baked in.
Integrations
Scoped Access
Third-party tools are granted only the minimal required access using OAuth scopes or API keys tied to defined permission sets.
Webhook Security
All webhooks are signed and validated using shared secrets to prevent spoofing or injection attacks.
IP Whitelisting
Integration endpoints are protected by IP whitelisting to restrict access only to approved third-party services.
Monitoring & Isolation
Each integration is monitored in real-time, with sandboxed environments ensuring data isolation and operational integrity.
Reports and Documents
Network Diagram
Other Reports
Pentest Report
Auditor NCC Group
Buildrbrand works with industry leading security firms to perform bi-annual network and and application layer penetration tests. A summary of the results of our latest test is available to request.
SOC 2 Report
Auditor Linford & Co
Buildrbrand attests to Security, Availability and Confidentiality trust services criteria as part of the SOC 2 report.
.png)
%20copy.png)
