At Bronto, we prioritize the security and privacy of your data. We adhere to the highest standards of compliance and employ advanced security measures to protect your information.
GDPR Compliance: Ensures the privacy and protection of personal data for customers in the EU, adhering to the General Data Protection Regulation.
CCPA Compliance: Guarantees the privacy and protection of personal data for customers in California, in accordance with the California Consumer Privacy Act (CCPA). Requests related to CCPA can be addressed by contacting support@bronto.io.
SOC 2 Type I/II: Achieved audit readiness for our SOC 2 Type I/II audits. The Type I audit is expected to be completed in Q3 2024, and the Type II audit is anticipated to be completed in Q4 2024. Regular audits are conducted to maintain compliance with industry standards.
Continuous Compliance Monitoring: Utilizes advanced tools and systems to continuously monitor compliance with security standards and regulations, promptly addressing any gaps.
Bronto employs a comprehensive approach to data security, encompassing encryption, penetration testing, system protection, and robust organizational measures.
Bronto systems are segmented into separate networks and protected by restrictive firewalls and Virtual Private Networks (VPNs) to secure network traffic and prevent unauthorized access. Network segmentation isolates sensitive data and systems. Regular backups and tested data recovery procedures ensure business continuity. Additionally, vulnerability assessments and patch management processes are in place to guard against known vulnerabilities.
Bronto’s commitment to security extends beyond technological measures to include comprehensive organizational practices:
Employee Training: All employees receive regular training on security best practices, including phishing awareness, data handling procedures, and incident response protocols.
Stringent Security Requirements: We enforce stringent security measures such as encrypted storage and two-factor authentication.
Security Policies: Our comprehensive and regularly updated policies cover all aspects of data protection and compliance, ensuring robust governance.
Incident Response: A thorough response plan is in place for the prompt identification, assessment, mitigation, and remediation of security incidents, with predefined procedures for effective handling.
Continuous Monitoring: We utilize Intrusion Detection Systems (IDS) for real-time threat detection and analysis.
Bronto collaborates with a limited number of trusted sub-processors. For a complete list, see Sub-processors. We regularly review all third parties to ensure they meet our high security standards.