This Security Policy outlines how BrandStencil protects the confidentiality, integrity and availability of our platform and the data entrusted to us. If you have any questions please contact us. This policy was first published on 1 December 2017 and is reviewed regularly.
Updated: 3 December 2025
Service Availability
The BrandStencil server is constantly monitored. Should the service go offline, it will be automatically restarted.
It is understood that, in order to use the application effectively, a modern browser is required and a stable internet connection.
As a SaaS product BrandStencil is constantly being updated; under normal circumstances these updates will not interrupt use of the application. For information on these updates please refer to our Change log.
View a current uptime status report here.
Infrastructure
BrandStencil is hosted in UK-based cloud environments managed by leading providers with strong security and compliance standards. Uploaded client assets are stored in encrypted storage within the UK region.
Further information about our infrastructure partners’ security practices can be found on their respective security and compliance pages.
Physical Security
Our hosting providers operate secure UK data centres with robust physical and environmental protections. Technical specifications can be provided on request.
Server Security
BrandStencil follows industry-standard practices to protect the platform, including:
applying security updates to servers and services
restricting administrative access
using protective network controls
Application Security
BrandStencil is built on a modern, well-maintained application framework that includes core security features such as:
secure password hashing
authenticated access to routes and resources
protection against common web vulnerabilities (e.g., CSRF)
secure HTTP headers
strong TLS encryption for data in transit
Single Sign-on (SSO)
BrandStencil supports SAML-based single sign-on, allowing organisations to authenticate their users through their existing identity provider. This enables seamless access using existing work credentials and ensures access policies remain under the customer’s control.
Payment Processing
Where payment functionality is enabled, BrandStencil uses Stripe’s hosted Checkout service. Users are redirected to a Stripe-hosted page to enter their card details, and Stripe processes the payment on its own PCI-compliant systems.
BrandStencil does not handle or store cardholder data. We retain only a non-sensitive payment reference for audit purposes. The page initiating the redirect is protected through our standard secure development and deployment processes and restricted administrative access.
Information Security
BrandStencil stores user credentials (email address, name and password), customer account configuration, uploaded client assets and the content added to saved artwork.
Application data and uploaded assets are stored securely within our UK-based cloud infrastructure. Exported files (PDFs and images) are generated on demand and are not retained.
Administrative access to the hosting environment is limited to authorised staff and used only when necessary to support the platform — please refer to our privacy policy for more details.
Backups and Redundancy
Automated backups are performed regularly and stored in secure, geographically separate cloud locations. Multiple recovery points are retained. Further details are included in our Business Continuity and Disaster Recovery Plan.
In the event of a system-wide failure, a full restoration can typically be completed within one business day.
Monitoring
The platform is monitored for performance and security. We also conduct regular vulnerability scanning. Reports can be provided on request.
Application and infrastructure logs are retained to support monitoring and diagnosis of issues, and access to log data is restricted to authorised personnel.
Security Standards
BrandStencil follows the National Cyber Security Centre SaaS Security Principles and is certified under the UK government’s Cyber Essentials scheme.
Further details on any of the above can be provided on request, please contact help@brandstencil.com.