Security Overview

Security is one of the largest considerations in everything we do here at Brandcast. The Brandcast infrastructure is hosted on Amazon Web Services, entirely within a virtual private network. Instances communicate amongst themselves only over the virtual private interface. We enforce strict firewall rules and policies, allowing SSH access to instances only from inside the Brandcast office and only by authorized employees. Finally, for critical services and integrations, we enable and enforce two-factor authentication.

We know your websites and applications are extremely important to you and your business, and we want all our users to feel secure. If you have any questions, or encounter any issues, please contact us at: security@brandcast.com

 
 

Security Features

Brandcast studio traffic runs entirely over encrypted SSL with Perfect Forward Secrecy, and with the Heartbleed and POODLE vulnerabilities and attacks mitigated (see our SSL Labs Report). In cryptography, forward secrecy (also known as perfect forward secrecy or PFS) is a property of key-agreement protocols that ensures that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future.

We use Strict Transport Security (HSTS) to ensure browsers interact with Brandcast studio exclusively over HTTPS. This means passwords and other sensitive data are never leaked over the network.

All passwords are hashed using bcrypt with a cost factor of 10. We never store your password in plain text. Bcrypt is a salted, deliberately slow password-hashing function, which makes cracking stolen hashes by brute force very expensive.

We do not store any credit card information. This data is handed off to Braintree, a company dedicated to storing your sensitive data on PCI-compliant servers.

Employees are required to encrypt their hard drives, utilize strong passwords, and enable screen locking.

 
 

Whitehat

Responsible disclosure of security vulnerabilities.

We want to keep Brandcast safe for everyone. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

In return for finding any vulnerabilities, we offer "swag" such as stickers, t-shirts, and hoodies. The criteria for disclosing a security vulnerability are as follows:

  • You must be the first person to disclose the vulnerability.
  • Must not have disclosed the vulnerability to anyone or anywhere else.
  • Must not be a vulnerability hosted by a third party (e.g. CDN, blog, support, analytics) unless it leads to a vulnerability on the main website or application.
  • Must not be a DoS or DDoS attack.
  • Must not be spam.

Publicly disclosing a vulnerability can put Brandcast at risk. If you've discovered a security concern, please email us at security@brandcast.com. We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider correspondence sent to security@brandcast.com our highest priority, and work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. We won't take legal action against you, or administrative action against your Brandcast account, if you act accordingly. White hat researchers are always appreciated.

Our PGP key is below. You may use this key to encrypt your communications with Brandcast. (Unfamiliar with PGP? Have a look at GPG, and start by importing a public key). Once you've imported our key, you can verify the signature of e-mails we send you by running gpg --verify.


Key ID: 398A5770F613C390
Key Algorithm: RSA
Key Size: 4096
Fingerprint: 9BB0 61DA 7548 037B 544C 9444 398A 5770 F613 C390
User ID: Brandcast Security <security@brandcast.com>

 
 
