Bevy cares deeply about availability, integrity and confidentiality of our customers' information. This page provides an overview of some of the security practices put in place at Bevy.
Please reach out to firstname.lastname@example.org for further information.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers.
Our service is built on Google Cloud Platform (GCP). They provide strong security measures to protect our infrastructure and are compliant with all relevant certifications. You can read more about their practices here.
All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices. Our SSL Labs Report is available here.
All database data is encrypted at rest. User passwords are further encrypted and salted within the database. Different methods of Single Sign-On (SSO) are also supported.
Client data is retained according to client-specific data retention policies.
We have put in place a comprehensive, pragmatic approach to risk identification, analysis and treatment as well as ongoing monitoring and review.
We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted. Data storage is set up for high availability; web servers are configurable for redundancy and traffic-appropriate scalability.
Proper supplier management is an important part of security management strategy. We choose our vendors deliberately and require appropriate security due diligence. As such, vendors are part of our overall risk management process. Vendor risk assessments occur, at minimum, prior to vendor selection, upon relevant changes (such as our own requirements or noteworthy changes in their security posture) or annually.
We develop following security best practices and frameworks (such as OWASP). Here are some relevant features of our development process:
Bevy’s Information Security Management System (ISMS) conforms with ISO/IEC 27001:2013. Compliance is certified via independent auditing. Please view our ISO 27001 certificate.
We are happy to share our most recent SOC 2 Type 1 report with clients and prospective clients who are under mutual NDA. If you are interested, please reach out to email@example.com.
Our company conforms with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for regulating data privacy between the European Union and the United States.
We’re compliant with the EU General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.
Please reach out to firstname.lastname@example.org with further questions and/or feedback.