Complete information about BrainBox security architecture, compliance certifications, and data protection measures.

Security Architecture

Core Infrastructure

BrainBox is built on enterprise-grade cloud infrastructure that prioritizes security at every layer. Our database and authentication run on Supabase, which is AWS-backed and certified for SOC 2 Type II and ISO 27001. Vector search is powered by Pinecone, adhering to enterprise security standards. Payments are processed through PayU and Trelli, both PCI DSS Level 1 compliant. The underlying infrastructure runs on AWS with multiple regions and built-in redundancy.

Encryption

Data in transit is protected with TLS 1.2 or higher for all connections. Every API call is encrypted, and all data transmission happens over HTTPS—no exceptions. Data at rest is secured with AES-256 encryption for the database, encrypted file storage, and encrypted backups. This ensures your data is protected whether it’s moving through the network or sitting in storage.
Data is encrypted following industry best practices. For specific encryption implementation details, contact security@brainbox.com.co.

Access Control

Authentication & Authorization

Secure authentication happens via Google or Microsoft, eliminating password-related vulnerabilities. Row-level security (RLS) is enforced at the database level, and role-based access control ensures users can only access what they’re supposed to.

Permission Model

Permissions work at multiple levels. Workspace-level permissions assign Owner, Admin, Editor, or Viewer roles. Box-level access control provides granular sharing options. Database-level enforcement prevents unauthorized access even if something bypasses the application layer. Real-time permission checking verifies every request.
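The layered model described above, shown as an added illustration that is not BrainBox's own schema or policy set: assumed tables workspace_members, boxes and box_shares, a hypothetical helper my_workspace_role, and Postgres row-level security policies written against Supabase's auth.uid(), so that the workspace roles and box-level shares are enforced by the database itself rather than only by application code.

```sql
-- Assumed schema for illustration; not BrainBox's own tables or policies.
create type workspace_role as enum ('owner', 'admin', 'editor', 'viewer');
create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null references auth.users (id),
  role         workspace_role not null,
  primary key (workspace_id, user_id)
);
create table boxes (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  title        text not null
);
-- Box-level sharing: read, or read/write, access to a single box for one user.
create table box_shares (
  box_id    uuid not null references boxes (id) on delete cascade,
  user_id   uuid not null references auth.users (id),
  can_write boolean not null default false,
  primary key (box_id, user_id)
);
-- Once RLS is enabled, the policies below also bind a client that queries the
-- database directly with a user JWT, i.e. one that bypasses the app layer.
alter table workspace_members enable row level security;
alter table boxes enable row level security;
alter table box_shares enable row level security;
create policy members_self on workspace_members for select using (user_id = auth.uid());
create policy shares_self on box_shares for select using (user_id = auth.uid());
-- Caller's role in a workspace, or null for non-members. security definer lets
-- the lookup read workspace_members without hitting that table's own policy.
create or replace function my_workspace_role(ws uuid) returns workspace_role
language sql stable security definer set search_path = public as $$
  select role from workspace_members where workspace_id = ws and user_id = auth.uid();
$$;
-- Read: any workspace member (Viewer and up) or an explicit box share.
create policy boxes_select on boxes for select using (
  my_workspace_role(workspace_id) is not null
  or exists (select 1 from box_shares s where s.box_id = boxes.id and s.user_id = auth.uid())
);
-- Edit: Editor and up, or a box share with can_write.
create policy boxes_update on boxes for update using (
  my_workspace_role(workspace_id) in ('owner', 'admin', 'editor')
  or exists (select 1 from box_shares s
             where s.box_id = boxes.id and s.user_id = auth.uid() and s.can_write)
);
-- Delete: Owner or Admin only; a box share never grants delete.
create policy boxes_delete on boxes for delete using (
  my_workspace_role(workspace_id) in ('owner', 'admin')
);
```

A quick check of the "bypass" property is to run a select on boxes through PostgREST with a Viewer's JWT and confirm that rows from workspaces the user is not a member of never come back, regardless of what the application layer sends.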

Compliance & Certifications

Industry Standards & Best Practices

BrainBox follows security best practices and uses infrastructure providers with industry certifications:
Infrastructure Providers
  • AWS - SOC 2 Type II, ISO 27001 certified
  • Supabase - SOC 2 Type II, ISO 27001 certified
  • Pinecone - Enterprise security standards
  • Vercel - SOC 2 compliance
  • GCP & Azure - Enterprise security standards
BrainBox follows best practices but is not independently certified. We rely on the certifications of our upstream providers for infrastructure and security assurances.

GDPR Compliance

Your Data Rights

You have the Right to Access, meaning you can export all your data anytime in formats like PDF, CSV, or JSON. The Right to Deletion lets you delete your account and all associated data. To delete your entire account, contact support@brainbox.com.co. Once initiated, automatic purge happens after 30 days. You can also delete individual files and boxes one by one from within the application anytime. Right to Portability ensures you can download your data in standard formats, making it easy to transfer to other platforms with no vendor lock-in. Right to Rectification gives you the power to update personal information and correct data errors through self-service in Settings.

Data Processing

We obtain explicit consent at signup, have data processing agreements in place, document lawful basis for all processing, and practice data minimization—collecting only what’s necessary.

SOC 2 & ISO 27001

Our infrastructure providers (AWS, Supabase) maintain SOC 2 Type II and ISO 27001 certifications, ensuring:
  • Security controls and monitoring
  • Change management procedures
  • Incident response capabilities
  • Information security policies

Data Backup & Recovery

Automated Backups
  • Continuous backups to geographically distributed locations
  • Automatic backup encryption
  • Regular restoration testing
We maintain regular backups and use industry-standard recovery procedures. For specific recovery scenarios or SLA requirements, contact enterprise sales.

Audit Logs & Monitoring

Activity Tracked

Audit logs track login attempts and successes, permission changes, file uploads and access, workspace member changes, and API key generation and usage.

For Workspaces

Audit logs are available for workspace-level activities, can be exported for compliance purposes, and provide activity tracking for accountability.
Audit logs track workspace activities. For detailed audit requirements or real-time alerting, contact sales-team@brainbox.com.co for enterprise options.

Security Features

Session Management

Standard session management follows security best practices:
  • Secure session handling
  • Activity-based session management
  • Secure session cookies
Session management is implemented following security best practices. For specific session configuration or security hardening, contact support.

API Key Security

Keep API keys secret and treat them like passwords.
  • Unique per integration
  • Can set expiration dates
  • Scoped to specific workspaces
  • Revokable anytime
  • Regularly rotate keys (90-day recommendation)
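The key properties listed above (unique per integration, optional expiry, workspace scope, revocable, 90-day rotation) as an added illustration that is not BrainBox's own implementation: an assumed api_keys table that stores only a SHA-256 digest of each key, a hypothetical resolve_api_key function that honours expiry, revocation and workspace scope, and a view that reports keys past the 90-day rotation mark. It assumes one workspace per key.

```sql
-- Assumed table for illustration; not BrainBox's own schema.
-- Only a digest of the key is stored, so a database leak does not yield usable keys.
create table api_keys (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,           -- key is scoped to exactly one workspace
  integration  text not null,           -- one key per integration
  key_hash     bytea not null unique,   -- sha256 of the secret, never the secret itself
  created_at   timestamptz not null default now(),
  expires_at   timestamptz,             -- optional hard expiry set at creation
  revoked_at   timestamptz,             -- set when the key is revoked
  unique (workspace_id, integration)
);

-- Validation: map a presented key to its id, or no row if it is unknown,
-- scoped to a different workspace, revoked, or past its expiry.
create or replace function resolve_api_key(presented text, ws uuid) returns uuid
language sql stable as $$
  select id from api_keys
  where key_hash = sha256(convert_to(presented, 'UTF8'))
    and workspace_id = ws
    and revoked_at is null
    and (expires_at is null or expires_at > now());
$$;

-- Revocation is a timestamp, not a delete, so audit logs keep a record of the key.
create or replace function revoke_api_key(key_id uuid) returns void
language sql as $$
  update api_keys set revoked_at = now() where id = key_id and revoked_at is null;
$$;

-- Rotation report: keys still usable but older than the 90-day recommendation.
create view api_keys_due_for_rotation as
  select id, workspace_id, integration, created_at, now() - created_at as age
  from api_keys
  where revoked_at is null
    and (expires_at is null or expires_at > now())
    and created_at < now() - interval '90 days';
```

The built-in sha256(bytea) function requires PostgreSQL 11 or later; on older versions use pgcrypto's digest(..., 'sha256') instead.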

File Security

Upload Validation
  • File type verification
  • Malware scanning available
  • Size validation
  • Integrity checking
Storage Security
  • Encrypted at rest
  • Access logged
  • Retention policies
  • Automatic cleanup

Compliance & Security Best Practices

For Your Organization

    ╔════════════════════════════════════════╗
    ║   SECURITY BEST PRACTICES CHECKLIST   ║
    ╠════════════════════════════════════════╣
    ║                                        ║
    ║  🔐 Access Management                  ║
    ║     ├─ Review members regularly       ║
    ║     ├─ Remove inactive users          ║
    ║     └─ Use role-based access          ║
    ║                                        ║
    ║  📄 Data Management                    ║
    ║     ├─ Classify by sensitivity        ║
    ║     ├─ Delete when done               ║
    ║     └─ Monitor access                 ║
    ║                                        ║
    ║  👥 Collaboration Safety               ║
    ║     ├─ Invite only necessary members  ║
    ║     ├─ Minimum permissions            ║
    ║     └─ Regular access reviews         ║
    ║                                        ║
    ╚════════════════════════════════════════╝
Access Management

Use strong, unique passwords where applicable and enable multi-factor authentication when available. Review workspace members regularly and remove access for inactive users promptly. Implement role-based access, using Viewer for read-only needs. Maintain documentation of your access control policies.

Data Management

Classify files by sensitivity level so you know what needs extra protection. Use appropriate permissions for each classification. Delete sensitive files when you’re done with them rather than letting them accumulate. Disable public links when they’re no longer needed. Monitor file access patterns and document your data handling policies.

Collaboration Safety

Only invite members who genuinely need access. Assign the minimum required permissions for each person’s role. Document your access policies so everyone understands them. Communicate clearly about data sensitivity. Conduct regular access reviews—monthly or quarterly depending on your needs. Have a clear removal process for employees who are separating from the organization.

Incident Response

    ┌────────────────────────────────────────┐
    │    INCIDENT REPORTING FLOW             │
    ├────────────────────────────────────────┤
    │                                        │
    │  You Suspect Issue                     │
    │       ↓                                │
    │  Email security@brainbox.com.co        │
    │       ├─ Don't post publicly          │
    │       ├─ Describe the issue           │
    │       ├─ When it occurred             │
    │       └─ Include error messages       │
    │       ↓                                │
    │  Response within 24 hours              │
    │       ↓                                │
    │  Investigation & Resolution            │
    │                                        │
    └────────────────────────────────────────┘
If You Suspect a Security Issue

First, do not post about it publicly—that could make the problem worse. Email security@brainbox.com.co immediately. Include a description of the issue, when it occurred, your account email, and any error messages you’ve seen. You’ll get a response within 24 hours, and we’ll communicate the investigation timeline.

BrainBox Response Process

Our security team follows a systematic process: immediate triage and assessment of the issue, containment if necessary to prevent spread, thorough investigation and root cause analysis, remediation and testing of fixes, communication to affected users, and post-incident review to prevent recurrence.

Third-Party Services

What We Use

Infrastructure & Databases
  • Supabase (PostgreSQL database + authentication)
  • Pinecone (vector database for AI search)
  • AWS (cloud infrastructure)
  • Vercel (application hosting)
  • GCP & Azure (additional services)
Payments
  • PayU and Trelli (payment processing)
  • PCI DSS compliance standards maintained
  • Payment data never stored on BrainBox
Analytics (Optional)
  • Usage analytics available
  • Privacy-focused implementation
  • No personal data shared

Data Sharing Policy

BrainBox Does NOT:
  • ❌ Share data with advertisers
  • ❌ Sell user data
  • ❌ Use data for marketing without consent
  • ❌ Grant third-party access without permission
  • ❌ Train AI models on your data without consent
Data Sharing Principles
  • Only when necessary for service
  • Under Data Processing Agreements
  • With user’s explicit consent
  • GDPR and privacy law compliant

Enterprise Features

For Large Organizations

For organizations needing custom solutions, we offer:
Deployment Options
  • On-premise deployment under custom contracts
  • Custom cloud deployment in your own infrastructure
  • Custom personalization and configuration
Support & SLAs
  • Dedicated account manager
  • Priority support
  • Custom SLA agreements
Contact Sales for enterprise options: sales-team@brainbox.com.co

Transparency & Reports

Security & Compliance

Our infrastructure is built on providers with strong security credentials:
  • AWS: SOC 2 Type II, ISO 27001
  • Supabase: SOC 2 Type II, ISO 27001
  • Verified payment processing through PayU and Trelli
  • GDPR data protection compliant
If you need data exported in a format BrainBox doesn’t support, please reach out to support@brainbox.com.co and we’ll help you access your information.

Vulnerability Disclosure

If you discover a security vulnerability:
  1. Email security@brainbox.com.co
  2. Include detailed description
  3. BrainBox investigates and fixes
  4. Responsible disclosure appreciated

Security Questions? Contact security@brainbox.com.co
Privacy Questions? Contact support@brainbox.com.co
Data Requests? Contact support@brainbox.com.co