Security
How we build and operate with security at every layer.
Our Commitment
Security is not an afterthought at Braincoders — it is a design principle. We apply rigorous security practices to our internal operations, client-facing infrastructure, and every product we ship. This page outlines the controls we have in place and how to reach us if you discover a vulnerability.
Infrastructure & Hosting
- Client systems are hosted on AWS and GCP, which hold SOC 2 Type II, ISO 27001, and PCI DSS certifications.
- Production environments are isolated from development and staging by network policies and separate accounts.
- We use infrastructure-as-code (Terraform / Pulumi) for reproducible, auditable deployments.
- Automated vulnerability scanning runs on every build via our CI/CD pipelines.
Data Encryption
- All data in transit is encrypted with TLS 1.3 or higher.
- Data at rest is encrypted using AES-256.
- Secrets and API keys are managed through dedicated secret managers (AWS Secrets Manager, GCP Secret Manager) and are never stored in source code.
Access Controls
- Role-based access control (RBAC) limits system access to what each team member needs.
- Multi-factor authentication (MFA) is mandatory for all internal systems and cloud consoles.
- We apply the principle of least privilege and review permissions quarterly.
- All access to production environments is logged and monitored.
Monitoring & Incident Response
We operate continuous monitoring via cloud-native services and third-party SIEM tooling. In the event of a security incident affecting client data, we commit to notifying affected parties within 24 hours of confirmed impact, following a documented incident-response runbook aligned with NIST guidelines.
Responsible Disclosure
If you discover a potential security vulnerability in our website or products, we ask that you report it responsibly before public disclosure. Email security@braincoders.io with a description of the issue, steps to reproduce, and any relevant artefacts. We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities promptly. We appreciate responsible researchers and will credit you publicly if you wish.
Contact
Security enquiries: security@braincoders.io. For general questions about our trust and safety practices, contact us at hello@braincoders.io.