This Security Policy describes the BrandStencil security procedures and processes. If you have any questions please contact us.
This Security Policy is effective from 1 December 2017. We may amend it from time to time, so check this page to ensure that you are aware of any changes.
- The BrandStencil server is constantly monitored. Should the service go offline, it will be automatically restarted.
- It is understood that, in order to use the application effectively, a modern browser such as Internet Explorer 10+ and a stable internet connection are required.
- As a SaaS product, BrandStencil is constantly being updated. Under normal circumstances these updates will not interrupt use of the application. For information on these updates please refer to our Change log.
- View a current uptime status report here.
BrandStencil’s servers are located in a secure data centre based in Manchester, UK. Its security features include:
- High security perimeter fencing
- 24×7 security and NOC staff presence
- A state-of-the-art IP CCTV system
- Access control system
- Interlocked doors
- Man-traps, interlocked doors
BrandStencil uses enterprise-grade hardware to provide the most stable and reliable hosting environment. Our security policies include:
- Constantly updated CentOS 6 operating system
- Using hypervisor and router-level firewalls alongside iptables firewall rules
- Ensuring malware and antivirus software is up to date
- Implementing stringent rulesets to mitigate and prevent denial of service attacks
BrandStencil is written in the super secure Laravel PHP framework. This has a comprehensive suite of proprietary security features including:
- All passwords are hashed and salted using the AES encryption protocol
- Route-level authentication (meaning no URL can be accessed without a valid login)
- CSRF form protection to protect against cross-site request forgeries.
- All server responses are protected via a strict HTTP headers policy: https://schd.io/3prZ
- All data transfer is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_256_GCM). https://www.ssllabs.com/ssltest/analyze.html?d=app.brandstencil.com
- The only data BrandStencil stores is user credentials (email address, name and password) and the content added to saved artwork
- All data is stored on a server in our UK-based data centre
- All PDF and image files generated by BrandStencil are permanently deleted from the server each night
Backups and redundancy
- All our infrastructure is installed with a minimum of N+1 redundancy, and certain key elements at 2N
- All content on the server is backed up on a weekly and daily basis so your data is safe
- We additionally store an off-site backup of all content to provide extra redundancy
- Although incredibly unlikely, in the event of a catastrophic system-wide failure, we can perform a full backup restore within one business day
Please contact us if you have any questions.