Security policy

This Security Policy describes the BrandStencil security procedures and processes. If you have any questions please contact us.

This Security Policy is effective from 1 December 2017. We may amend it from time to time, so check this page to ensure that you are aware of any changes.

Service availability

  1. The BrandStencil server is constantly monitored. Should the service go offline, it will be automatically restarted.
  2. It is understood that, in order to use the application effectively, a modern browser such as Internet Explorer 10+ is required and a stable internet connection
  3. As a SaaS product BrandStencil is constantly being updated, under normal circumstances these updates will not interrupt use of the application. For information on these updates please refer to our Change log.
  4. View a current uptime status report here.

Physical security

BrandStencil’s servers are located in a secure data centre based in Manchester, UK. It’s security features include:

  1. High security perimeter fencing
  2. 24×7 security and NOC staff presence
  3. A state-of-the-art IP CCTV system
  4. Access control system
  5. Interlocked doors
  6. Man-traps, interlocked doors

Server security

BrandStencil uses enterprise-grade hardware to provide the most stable and reliable hosting environment. Our security policies include:

  1. Constantly updated CentOS 6 operating system
  2. Using hypervisor and router level firewalls used alongside iptables firewall rules
  3. Ensuring malware and antivirus software is up to date.
  4. Implement stringent rulesets to mitigate and prevent denial of service attacks.

Application security

BrandStencil is written in the super secure Laravel PHP framework. This has a comprehensive suite of proprietary security features including:

  1. All passwords are hashed and salted using AES encryption protocol
  2. Route level authentication (meaning no URL can be access without a valid login)
  3. CSRF form protection to protect against cross-site request forgeries.
  4. All server responses are protected via a strict http headers policy.
  5. All data transfer is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_256_GCM). You can check our SSL report here.

Information security

  1. The only data BrandStencil stores is user credentials (email address, name and password) and the content added to saved artwork
  2. All data is stored on a server in our UK based data centre
  3. All PDF and Image files generated by BrandStencil are permanently deleted from the server each night
  4. Direct access to server is limited to core staff and will only be used to address an issue with the application - please refer to our privacy policy

Backups and redundancy

  1. All our infrastructure is installed with a minimum of N+1 redundancy, and certain key elements at 2N
  2. All content on the server is backed up on a weekly and daily basis so your data is safe
  3. We additionally store an off site backup of all content to provide extra redundancy
  4. Although incredible unlikely, in the event of a catastrophic system-wide failures, we can perform a full backup restore within one business day


BrandStencil is continuously monitored by internal and external monitoring tools. We use for automated vulnerability scanning. This provides detailed reporting on the latest vulnerabilities. An up to date report can be provided on request.

Security standards

BrandStencil follows the National Cyber Security Centre SaaS Security Principles. The NCSC is a government organisation improving cyber security in the UK. A report can be provided on request.

Please contact us if you have any questions.