Our customers rely on Bringg to orchestrate one of the most important parts of their business – their last mile delivery and fulfillment operations. That’s why we continually protect the integrity of the data, ensuring that our data-led delivery and fulfillment orchestration platform exceeds industry standards.
Compliance & Certifications
- SOC2 Type 2
Developed by the American Institute of CPAs (AICPA), Service Organization Control (SOC) 2 defines the criteria for managing customer data. Bringg’s security and privacy controls are examined and audited on an annual basis by an independent, expert third-party auditor.
More information and a copy of our SOC2 Type 2 report (including privacy section) are available upon request and subject to a non-disclosure obligation.
- ISO 27001
ISO/IEC 27001:2013 is the most rigorous global standard for information security management. Bringg’s certification is renewed annually and can be received upon request and subject to a non-disclosure obligation.
- Laws and Regulations (GDPR, CCPA, LGPD)
Bringg is committed to complying with global laws and regulations, including the EU GDPR and Brazil’s LGPD as a data processor, and the US CCPA as a Service Provider, in the provision of Bringg’s Services to its customers.
- HIPAA Security Rules
The Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) are a series of federal regulatory standards that outline the lawful use and disclosure of Protected Health Information (PHI) in the United States.
In the course of providing the Bringg Services, Bringg may access, use, disclose, and/or process PHI on customer’s behalf (defined as “Covered Entity”), in the capacity of a “Business Associate”. The access and use of Covered Entity’s PHI by the Business Associate will be subject to the execution of a Business Associate Agreement (BAA).
Bringg’s HIPAA controls are reviewed annually as part of our SOC2 Type 2 privacy audit.
- Data Residency
Bringg implements a cloud-based SaaS model, currently with the use of the cloud solutions offered by Amazon Web Services (“AWS”) and Google Cloud Platform (“GCP”). By using AWS and GCP we are able to leverage the high performance, durability, scalability, availability and security of the AWS and GCP infrastructures and procedures in the provision of our Services. All User Information collected by us as part of the operation of the Services is stored in a database owned by AWS and/or GCP and controlled by us (the “Database”).
- Data Protection
The data is stored on cloud provider managed disks. The data is encrypted at rest. All communications to the operational database (Postgres) as well as to our historical storage (S3, GCS) are encrypted in transit.
All data backups are stored encrypted in our cloud providers’ facilities.
- Data Retention
Operational data is retained for 90 full days in multiple locations.
Historical data free from Personally Identifiable Information (PII) is stored indefinitely.
Application activity data (logs) is stored for 8 weeks.
- Authentication and Authorization
Bringg uses a Single Sign-On (SSO) authentication and authorization tool.
Bringg’s password policy requires complex passwords, and the password age is 90 days.
Infrastructure & Network Security
- Business Continuity Plan
The infrastructure of the data storage facilities used to host the Database has a high level of availability and provides a resilient IT architecture. Such infrastructure is designed to tolerate system or hardware failures with minimal user impact.
During the COVID-19 (Coronavirus) pandemic, Bringg transitioned to an all-remote workforce without delay or interruption, ensuring continuity of services to our customers. Our team is equipped with cloud-based tools and remote access & collaboration solutions, and makes use of these tools daily.
- Network Security
Access control lists, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of User Information traffic.
Access to the Database may only be made through a limited number of access points. These access points allow secure HTTP access (HTTPS), which establishes a secure communication session with the Database.
All user information transmitted to or from the Database is transmitted using strong industry standard cryptography and security protocols, such as HTTP or HTTPS using Transport Layer Security (TLS 1.2 or higher).
Wi-Fi: Bringg manages its global networking in a centralized manner. Every Bringg office has a full ad safe networking topology with separated VLANs.
- Penetration Test
Bringg engages an independent company to perform penetration tests on Bringg’s platform web access and APIs. More information is available upon request, subject to a non-disclosure obligation.
Physical access is strictly controlled both at the perimeter and at building entrance points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data storage floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Automatic fire detection and suppression equipment is installed. Uninterruptible Power Supply (UPS) units and on-site generators provide layers of back-up power. Data storage facilities are conditioned to maintain atmospheric conditions at an optimal level, and personnel and systems monitor and control temperature and humidity at appropriate levels. This is in order to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages.