Security Policy

This document describes the BrandStencil security procedures.

Physical security

BrandStencil’s servers are located in a secure data centre based in Manchester, UK. Its security features include:

  1. High security perimeter fencing
  2. 24×7 security and NOC staff presence
  3. A state-of-the-art IP CCTV system
  4. Access control system
  5. Interlocked doors
  6. Man-traps

Server security

BrandStencil uses enterprise-grade hardware to provide the most stable and reliable hosting environment. Our security policies include:

  1. Constantly updated CentOS 6 operating system
  2. Using hypervisor- and router-level firewalls alongside iptables firewall rules
  3. Ensuring malware and antivirus software is up to date
  4. Implementing stringent rulesets to mitigate and prevent denial of service attacks

Application security

BrandStencil is written in the super secure Laravel PHP framework. This has a comprehensive suite of proprietary security features including:

  1. All passwords are hashed and salted using the AES encryption protocol
  2. Route level authentication (meaning no URL can be accessed without a valid login)
  3. CSRF form protection to protect against cross-site request forgeries
  4. All server responses are protected via a strict HTTP headers policy: https://schd.io/3prZ
  5. All data transfer is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_256_GCM). https://www.ssllabs.com/ssltest/analyze.html?d=app.brandstencil.com

Information security

  1. The only data BrandStencil stores is user credentials (email address, name and password) and the content added to saved artwork
  2. All data is stored on a server in our UK-based data centre
  3. All PDF and image files generated by BrandStencil are permanently deleted from the server each night
  4. Direct access to the server is limited to core staff and will only be used to address an issue with the application - please refer to our privacy policy

Backups and Redundancy

  1. All our infrastructure is installed with a minimum of N+1 redundancy, and certain key elements at 2N
  2. All content on the server is backed up on a weekly and daily basis so your data is safe
  3. We additionally store an off-site backup of all content to provide extra redundancy
  4. Although incredibly unlikely, in the event of a catastrophic system-wide failure, we can perform a full backup restore within one business day.