Security

Last updated: February 20, 2026

Our approach is designed to protect data and keep the service available.

Implemented controls

Encrypted ERP connector credentials and role-based access controls.
HttpOnly web sessions and CSRF protection for write operations.
Frontend/API security headers (CSP/HSTS/X-Frame-Options/nosniff).
Audit and security event logging with request correlation IDs.
Automated class-based retention and cleanup.
Approval-gated DSAR export/delete workflow with legal-hold checks.
Suppression controls that prevent accidental lead/newsletter re-ingestion after DSAR delete.

We do not currently publish a SOC 2 or ISO 27001 certification claim as a commercial commitment.
We do not currently claim a public bug bounty program.

If you suspect a security issue, contact hello@databrief.io.

Last updated: February 20, 2026

Our approach is designed to protect data and keep the service available.

Encrypted ERP connector credentials and role-based access controls.
HttpOnly web sessions and CSRF protection for write operations.
Frontend/API security headers (CSP/HSTS/X-Frame-Options/nosniff).
Audit and security event logging with request correlation IDs.
Automated class-based retention and cleanup.
Approval-gated DSAR export/delete workflow with legal-hold checks.
Suppression controls that prevent accidental lead/newsletter re-ingestion after DSAR delete.

We do not currently publish a SOC 2 or ISO 27001 certification claim as a commercial commitment.
We do not currently claim a public bug bounty program.

If you suspect a security issue, contact hello@databrief.io.