Security at brAIstorm

Your data security and privacy are our top priorities. Learn about the measures we take to protect your information.

Our Security Commitments

End-to-End Encryption

Data is encrypted in transit with TLS 1.3 and at rest with AES-256. End-to-end here means that your mind map content is encrypted under keys that only you hold, so it is not readable on our servers (see Zero Knowledge Architecture below).

Secure Infrastructure

Our servers are hosted on secure, SOC 2 compliant cloud infrastructure with regular security audits.

Zero Knowledge Architecture

We cannot read your private data: only you hold the keys that decrypt your mind maps.

Regular Security Audits

We conduct regular security assessments and penetration testing to identify and fix vulnerabilities.

Data Protection

Encryption Standards

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • RSA-4096 for key exchange of application-level encryption keys (TLS 1.3 negotiates its own session keys with ephemeral Diffie-Hellman and no longer supports RSA key exchange in the handshake)
  • PBKDF2 with a per-user random salt for password hashing

Data Storage

  • Data centers are ISO 27001 and SOC 2 Type II certified
  • Physical security controls including biometric access
  • 24/7 monitoring and surveillance
  • Regular backups with encrypted storage

Access Controls

  • Multi-factor authentication for all employee accounts
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and deprovisioning

Application Security

Secure Development

  • Secure coding practices and code reviews
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency scanning for known vulnerabilities
  • Regular security training for development team

Runtime Protection

  • Web Application Firewall (WAF) protection
  • DDoS protection and rate limiting
  • Intrusion detection and prevention systems
  • Real-time security monitoring and alerting

AI Model Security

Data Privacy in AI Processing

  • AI models process data in isolated, secure environments
  • No user data is stored in AI model training datasets
  • Differential privacy techniques protect individual data points
  • Regular model audits to prevent data leakage

Model Integrity

  • Adversarial testing against prompt injection, with fixes applied to the findings
  • Content filtering to prevent generation of harmful content
  • Model versioning and rollback capabilities
  • Continuous monitoring for model drift and anomalies

Compliance & Certifications

GDPR Compliant

Full compliance with the European General Data Protection Regulation

CCPA Compliant

California Consumer Privacy Act compliance for US users

SOC 2 Type II

Annual audits of our security controls and processes

ISO 27001

International standard for information security management

Incident Response

We maintain a comprehensive incident response plan to quickly identify, contain, and resolve security incidents:

  • 24/7 security monitoring and alerting systems
  • Dedicated incident response team with clear escalation procedures
  • Regular incident response drills and plan updates
  • Transparent communication with affected users within 72 hours
  • Post-incident analysis and security improvements

Your Security Best Practices

Help us keep your account secure:

  • Use a strong, unique password for your brAIstorm account
  • Enable two-factor authentication when available
  • Log out from shared or public devices
  • Keep your browser and devices updated
  • Report any suspicious activity immediately
  • Be cautious when sharing mind maps or exported content