Security & Compliance

Overview

Bevy cares deeply about availability, integrity and confidentiality of our customers' information. This page provides an overview of some of the security practices put in place at Bevy.

Please reach out to security@bevylabs.com for further information.

Infrastructure

All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers.

Our service is built on Google Cloud Platform (GCP). They provide strong security measures to protect our infrastructure and are compliant with all relevant certifications. You can read more about their practices here.

Data Encryption

Encryption in transit

All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), in line with industry best practices. Our SSL Labs Report is available here.

Encryption at Rest

All database data is encrypted at rest. User passwords are further encrypted and salted within the database. Different methods of Single Sign-On (SSO) are also supported.

Data Retention

Client data is retained according to client-specific data retention policies.

Risk Management

We have put in place a comprehensive, pragmatic approach to risk identification, analysis and treatment as well as ongoing monitoring and review.

Business continuity and disaster recovery

We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted. Data storage is set up for high-availability; web servers are configurable for redundancy and traffic-appropriate scalability.

Vendors

Proper supplier management is an important part of security management strategy. We choose our vendors deliberately and require appropriate security due diligence. As such, vendors are part of our overall risk management process. Vendor risk assessments occur, at minimum, prior to vendor selection, upon relevant changes (such as changes in our own requirements or noteworthy changes in their security posture), or annually.

Secure Development

We develop our platform using best practices from security industry frameworks (such as OWASP).

  • Extensive, automated test coverage
  • Static checks for vulnerabilities and insecure coding
  • Required reviews of all proposed code changes, enforced via technical controls
  • Segregation of environments
  • Security reviews

Compliance

ISO/IEC 27001:2013

Bevy’s Information Security Management System (ISMS) conforms with ISO/IEC 27001:2013. Compliance is certified via independent auditing. Please view our ISO 27001 certificate.

SOC 2

We are happy to share our most recent SOC 2 Type 1 report with clients and prospective clients who are under mutual NDA. If you are interested, please reach out to security@bevylabs.com.

EU-U.S. and Swiss-U.S. Privacy Shield

Our company conforms with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for regulating data privacy between the European Union and the United States.

General Data Protection Regulation (GDPR)

We’re compliant with the EU General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.

Ethics

Bevy operates on a foundation of strong ethical values. If you do have concerns, please do share them at privatefeedback@bevylabs.com.

Further Information

Please reach out to security@bevylabs.com with further questions and/or feedback.
