Bevy cares deeply about availability, integrity and confidentiality of our customers' information. This page provides an overview of some of the security practices put in place at Bevy.
Please reach out to firstname.lastname@example.org for further information.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers.
Our service is built on Google Cloud Platform (GCP). They provide strong security measures to protect our infrastructure and are compliant with all relevant certifications. You can read more about their practices here.
All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), in line with industry best practices. Our SSL Labs Report is available here.
All database data is encrypted at rest. User passwords are further encrypted and salted within the database. Different methods of Single Sign-On (SSO) are also supported.
Client data is retained according to client-specific data retention policies.
We have put in place a comprehensive, pragmatic approach to risk identification, analysis and treatment as well as ongoing monitoring and review.
We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted. Data storage is set up for high-availability; web servers are configurable for redundancy and traffic-appropriate scalability.
Proper supplier management is an important part of our security management strategy. We choose our vendors deliberately and require appropriate security due diligence. As such, vendors are part of our overall risk management process. Vendor risk assessments occur, at minimum, prior to vendor selection, upon relevant changes (such as changes in our own requirements or noteworthy changes in their security posture) or annually.
We develop our platform using best practices from security industry frameworks (such as OWASP).
Bevy’s Information Security Management System (ISMS) conforms with ISO/IEC 27001:2013. Compliance is certified via independent auditing. Please view our ISO 27001 certificate.
We are happy to share our most recent SOC 2 Type 2 report with clients and prospective clients who are under mutual NDA. If you are interested, please reach out to email@example.com.
Our company conforms with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for regulating data privacy between the European Union and the United States.
We’re compliant with the EU General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.
Bevy operates on a foundation of strong ethical values. As such, we've developed a Whistleblower & Non-retaliation, Non-retribution or Non-intimidation Policy to enable employees, board members, and volunteers (hereinafter "affected parties") to report any concerns they may have with regard to accounting matters, conflict of interest issues, disclosure of confidential information, falsification of contracts, reports or records, or other serious issues and concerns regarding the operations of Bevy. These reports may be made anonymously and without fear of retaliation at firstname.lastname@example.org.
No one who in good faith reports a violation of the Code of Conduct shall suffer harassment, retaliation or adverse employment consequences. Any employee who retaliates against someone who has reported a violation in good faith is subject to discipline, up to and including termination of employment. The Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns within the organization and find an appropriate resolution.
Please reach out to email@example.com with further questions and/or feedback.