Security policy

This Security Policy describes the BrandStencil security procedures and processes. If you have any questions please contact us.

This Security Policy is effective from 1 December 2017. We may amend it from time to time, so check this page to ensure that you are aware of any changes.

Updated: 15 November 2021

Service availability

  1. The BrandStencil server is constantly monitored. Should the service go offline, it will be automatically restarted.
  2. It is understood that, in order to use the application effectively, a modern browser is required and a stable internet connection.
  3. As a SaaS product BrandStencil is constantly being updated, under normal circumstances these updates will not interrupt use of the application. For information on these updates please refer to our Change log.
  4. View a current uptime status report here.

Our infrastructure

BrandStencil’s servers are hosted with Digital Ocean, a leading cloud services provider with global data centres. Further details of Digital Ocean commitment to trust and security, as well as compliance certification can be found on their Trust Platform.

Physical security

Digital Ocean's UK servers are located in Equinix's secure data centre in London, UK. Further details on Equinix's physical security features can be found on their website. We can provide a technical specification for the data centre on request.

Server security

BrandStencil uses enterprise-grade hardware to provide the most stable and reliable hosting environment. Our security measures include:

  1. Use Cloudflare as an extra layer of security to help prevent DDOS attacks.
  2. Regularly run server security updates.
  3. Restrict access via a firewall.

Application security

BrandStencil is written in the super secure Laravel PHP framework. This has a comprehensive suite of proprietary security features including:

  1. All passwords are hashed and salted using AES encryption protocol.
  2. Route level authentication (meaning no URL can be access without a valid login).
  3. CSRF form protection to protect against cross-site request forgeries.
  4. All server responses are protected via a strict http headers policy.
  5. All data transfer is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_256_GCM). You can check our SSL report here.

Information security

  1. The only data BrandStencil stores is user credentials (email address, name and password) and the content added to saved artwork.
  2. All data is stored on a server in our UK based data centre.
  3. All PDF and Image files are generated by BrandStencil on demand and are not stored.
  4. Direct access to server is limited to core staff and will only be used to address an issue with the application - please refer to our privacy policy.

Backups and redundancy

  1. All content on the server is backed up on a daily basis so your data is safe.
  2. All data is stored off site to provide extra redundancy.
  3. Although incredible unlikely, in the event of a catastrophic system-wide failures, we can perform a full backup restore within one business day.


BrandStencil is continuously monitored by internal and external monitoring tools. We regularly carry out vulnerability scanning to provide detailed reporting on the latest vulnerabilities. An up to date report can be provided on request.

Security standards

BrandStencil follows the National Cyber Security Centre SaaS Security Principles. The NCSC is a government organisation improving cyber security in the UK. A report can be provided on request.

Get in touch

Please contact us if you have any questions