Last updated: Jan 14, 2020
BranchUp maintains organizational and technical measures to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These measures take into account the sensitivity of the information BranchUp collects, processes and stores; the current state of technology; the costs of implementation; and the nature, scope, context, and purposes of the data processing BranchUp engages in.
Where used in this Security Practices document, “BranchUp Services” means the Self-Serve Services or Enterprise Services, as applicable and as defined in the terms applicable to your access to and use of the BranchUp Services (the “Agreement”). Capitalized terms not defined in this document have the meanings given to them in the Agreement.
BranchUp maintains appropriate controls to restrict its employees’ access to the Customer Content that you and your Authorized Users make available via the BranchUp Services, and to prevent access to Customer Content by anyone who should not have access to it.
All of BranchUp’s employees are bound by BranchUp policies regarding the confidential treatment of Customer Content.
BranchUp employees receive security training during onboarding and on an ongoing basis. Employees are required to read and sign information security policies covering the confidentiality, integrity, availability and resilience of the systems and services BranchUp uses in the delivery the BranchUp Services. Where applicable, including for particularly sensitive positions, BranchUp also conducts criminal background checks on employees before employment.
All systems used in the provision of the BranchUp Services, including firewalls, routers, network switches, and operating systems, log information to secure log servers in order to enable security reviews and analysis.
BranchUp’s infrastructure runs on systems that are fault tolerant and it provides Enterprise customers with a guaranteed up-time, as set out in the Enterprise Terms of Service.
When your use of the BranchUp Services requires BranchUp’s systems to store Customer Content, such Customer Content is stored redundantly at multiple locations in BranchUp’s hosting provider’s data centers to ensure availability. BranchUp has backup and restoration procedures to allow recovery from a major disaster. Customer Content and BranchUp’s source code is automatically backed up on a nightly basis. BranchUp’s operations team is alerted in the event of any failure with this system. Backups are fully tested at least every 90 days to confirm that these processes and tools work as expected.
In addition to system monitoring and logging, BranchUp has implemented firewalls that are configured according to industry best practices, and ports not utilized for delivery of the BranchUp Services are blocked by configuration with our data center provider.
BranchUp performs automated vulnerability scans on its production hosts and uses commercially reasonable efforts to remediate any findings that present a material risk to the BranchUp environment. BranchUp enforces screen lockouts and the usage of full disk encryption for company laptops.
BranchUp maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the BranchUp Services. These logs are analyzed for security events via automated monitoring software, overseen by BranchUp’s security team.
BranchUp monitors the BranchUp Services for unauthorized intrusions using network-based and host-based intrusion detection mechanisms. BranchUp analyzes data collected by users’ web browsers (e.g., device type, screen resolution, time zone, operating system version, browser type and version, system fonts, installed browser plug-ins, enabled MIME types, etc.) for security purposes, including to detect compromised browsers, to prevent fraudulent authentications, and to ensure that the BranchUp Services function properly.
BranchUp currently uses Amazon Web Services (AWS) for its production data centers to provide the BranchUp Services. AWS has been selected for its high standards of both physical and technological security, and has internationally recognised certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and others. For more information about Amazon Web Services’ certification and compliance, please visit the AWS Security website and the AWS Compliance website.
New features, functionality, and design changes go through a review process facilitated by BranchUp’s security team. In addition, BranchUp’s code is tested and manually peer-reviewed prior to being deployed to production. BranchUp’s security team works closely with its product and engineering teams to resolve any additional security or privacy concerns that may arise during development.
BranchUp maintains security incident management policies and procedures. BranchUp notifies impacted customers without undue delay of any unauthorized disclosure of their Customer Content by BranchUp or its agents of which BranchUp becomes aware, to the extent permitted by law.
These security practices apply to the BranchUp Services defined in your Agreement with BranchUp, excluding the BranchUp Ads Services.