Security Measures
Brightmetrics’ layered security approach incorporates numerous technical and organizational safeguards to protect your data from various security threats.
Policies and Procedures
We’ve implemented a comprehensive security framework, including policies and procedures designed to protect data on our platform. These policies and procedures are aligned with industry standards, including SOC2, HIPAA, GDPR, CCPA, and others. Additionally, our information security program undergoes regular internal audits and external SOC2 Type II audits to ensure compliance and strict adherence to adopted standards.
Beyond our platform safeguards, Brightmetrics operates a vendor risk management program to help ensure we partner with suppliers who can demonstrate their ability to meet or exceed relevant standards for protecting customer data.
Our application includes robust security features that enable customers to implement their internal security controls beyond those built into our platform. This means that in addition to platform security controls like encryption both in transit and at rest and detailed audit logging, customers can implement granular role-based access control and enforce their multifactor authentication policies with single sign-on using their own identity providers.
Our application and the infrastructure it runs on protect customer data using AES-256 encryption, which is considered industry standard and widely used in government, military, and businesses in regulated industries. The keys used to encrypt each customer’s data are unique, and our application requires customers to explicitly grant access to our support team before accessing their data. Additionally, communications between end-users and Brightmetrics and between Brightmetrics and customer cloud environments and APIs are encrypted in transit using TLS.
Cloud and Datacenter Security
Brightmetrics is hosted by Microsoft’s Azure cloud environment, which is comprised of state-of-the-art physical data centers and cloud infrastructure and a global security team with thousands of cybersecurity experts. Azure maintains over 100 compliance certifications, including SOC2, ISO27001, and PCI-DSS. Azure’s compliance certifications include region-specific certifications for the United States, European Union, United Kingdom, and many more, as well as industry-specific certifications for key industries, including healthcare, state and federal government, finance, education, manufacturing, and media.
Limited Data Storage
We only store limited aggregated data needed for generating customer reports and dashboards. The customer’s data store remains the system of record for detailed reporting. This means that when a user drills down or runs a detailed report, we are no longer working with customer data stored on our infrastructure – we are pulling the data directly from the customer’s cloud environment and delivering it to the user’s browser without storing it on our platform.
Get Started Today with a FREE Trial!
Unlock the power of your data with Brightmetrics. Contact us to learn more about our solutions and how we can help your contact center with its operational efficiency.