At BriefTech, we prioritize the security and privacy of our clients' data. We follow industry-leading practices to ensure the highest levels of security.
Cloud Infrastructure
All customer data is securely stored in Google Cloud in the Singapore region.
Service Availability: Backed by Google's uptime SLA, our services are designed with redundancy to ensure high availability.
Data Availability: All storage services are replicated across availability zones to ensure that our services are available whenever you need them.
Security: Only authorized BriefTech employees can make changes to our Google Cloud infrastructure. Access is via SSO and 2FA, and all account actions are logged.
Monitoring and Logging: We use Google Cloud services such as Cloud Monitoring and Cloud Audit Logs to monitor and detect threats to our Google Cloud infrastructure, and to generate a comprehensive audit trail.
Virtual Machines and Patching
BriefTech does not maintain persistent virtual machines to operate any service. We exclusively use managed services such as Cloud Run, removing the need for server patching and reducing common attack surfaces.
Access Control
We implement access controls to ensure only authorized personnel have access to sensitive information.
Access measures follow role-based access controls (RBAC), ensuring users have the appropriate permissions for their roles.
Data Encryption
In Transit: All data transmitted between users and our platform is secured with TLS encryption.
At Rest: Data stored within our cloud infrastructure is protected with AES-256 encryption.
Secure Software Development Lifecycle (SSDLC)
Our platforms follow industry best practices, such as mitigating OWASP Top 10. All code is reviewed prior to being merged into the main branch.
Third-party dependencies are continually monitored for vulnerabilities, and we ensure we stay up to date with the latest secure libraries.
Incident Response
We have incident management processes in place to quickly identify, contain, and resolve security or data incidents.
Our incident management procedures include investigation, mitigation, reporting, and resolution to minimize any impact.
We notify clients of any circumstances suggesting a data incident in accordance with applicable laws.
Compliance with Privacy Regulations
BriefTech complies with the Singapore Personal Data Protection Act (PDPA).
For more information, please refer to our Privacy Policy.
Data Usage Restrictions
We do not train our own AI models. We only use publicly available pre-trained models.
We ensure the agreements with our AI providers do not allow them to use your data for training. Moreover, they do not log your requests so cannot view or persist your data.
We do not use, replicate, or distribute any uploaded data for purposes related to training, refining, or developing our AI technologies, including language models or machine learning algorithms.
Data Retention
Your data is safe and secure when stored in our platform, and you have full control to remove it whenever you want. When you choose to delete data from the platform, it is permanently removed.