Brandslip strives to manage and monitor the security of our application and all related services.
Brandslip has completed the A-EP AOC, validated through a third-party QSA, and completed quarterly passing scans by a third party-approved scanning vendor (ASV) to achieve PCI-DSS v3.1 compliance. Brandslip also uses a Level 1 PCI-certified payment processor, ensuring continued protection of customer credit card data throughout the transaction life cycle.
Brandslip forces HTTPS for all services using TLS (SSL).
All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorized disclosure, modification, and replay attacks.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Brandslip only over HTTPS. Brandslip is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
We use a third-party, top-tier datacenter that maintains a number of industry-recognized certifications, including: FedRAMP, ISO, SOC, PCI, and more. Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others.
All authentication and session data is encrypted with AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.
We perform weekly internal and monthly external vulnerability scans to root out the latest in web, application, and system vulnerabilities. Additionally, we perform daily dynamic application scans using a leading web app security scanner. Our security team investigates all reported security issues in a thorough and responsive manner. If you believe you’ve discovered a bug in Brandslip’s security, please get in touch with us at firstname.lastname@example.org. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Brandslip.