Security

The security of Bratic systems and the data residing within them is crucial to us, and we treat potential security issues as a top priority. We do our best to protect the data of Bratic merchants and customers from security threats, and we encourage all users and security researchers to report security vulnerabilities discovered in our platform. We are committed to handling vulnerability reports in a timely manner and with the greatest attention, provided that the following Policy is respected.

At Bratic, we see security as fundamental, not just an add-on. As the digital landscape expands, the importance of protecting your personal and financial information grows. We're committed to maintaining robust security measures. Here's our approach to ensuring your data is securely protected at Bratic:

Encryption at Rest and in Transit

We take the security of your data seriously, whether it's stored or being sent. We use strong encryption to protect it from unauthorised access, keeping your information safe and private at all times.

No Stored Payment Information

We've chosen not to store your payment card information on our servers. Instead, we partner with certified payment processors who are experts in secure payment processing. These processors are PCI DSS certified, adding an extra layer of security to your financial transactions. Additionally, our hosting provider is certified against multiple standards, ensuring comprehensive protection at every level of our infrastructure.

Secure by Design

Security is at the core of our application design. We implement secure defaults and conduct daily scans of our application code and dependencies. Any potential vulnerabilities are promptly addressed, making sure our systems are up-to-date and protected against new threats.

Role-Based Access

At Bratic, access is tailored to individual roles. This means employees only get access to the information and tools essential for their jobs. It's a practical way to keep things secure and straightforward, minimising the chance of sensitive data falling into the wrong hands.

Rigorous Testing and Monitoring

Our internal security team regularly tests our applications for vulnerabilities, complemented by annual penetration testing performed by external experts. Furthermore, our applications are continuously monitored, enabling us to detect and swiftly respond to potential attacks. This proactive approach ensures the highest level of security resilience and operational integrity.

Comprehensive Logging

In the unlikely event of an incident, our extensive logging capabilities allow us to swiftly trace and understand the sequence of events. This rapid response capability is crucial for mitigating risks and securing our platform against future threats.

Responsible Disclosure Program

We believe in the power of community and collaboration. Our responsible disclosure program invites security researchers and users to report any potential vulnerabilities. This approach helps us improve security and shows our dedication to being open and constantly getting better.

Ongoing Security Training

It's important to stay updated on security. We provide our employees with ongoing training in the newest security practices and protocols. This ensures our team is alert, upholds strong security practices, and remains conscious and accountable in their roles.

At Bratic, your security is our main concern. We're committed to delivering a platform you can trust, always enhancing our security measures and encouraging a culture of attentiveness. This ensures Bratic is a secure place in the online world.