Security policy

This document explains how Brandbook works and outlines the steps we currently take to keep Brandbook.io secure. Security of an online platform is an ongoing endeavor and, as a result, our security protocols and procedures will almost certainly evolve from what is stated here. Please contact us if you require specific security protocols, procedures or assurances.

Shared / read-only access to Brandbooks

The Brandbook.io platform allows users to set an access code so that suppliers such as graphic designers, marketing teams, employees of print shops, etc. can access the brand guidelines and uploaded files without having the ability to modify the Brandbook — e.g. these “read-only” users cannot upload or remove files and cannot make any changes to text.

This read-only mode is limited exclusively to users who have entered the access code that has been set on the Brandbook and subsequently shared with them. Files in a Brandbook are not available to users who do not enter the access code — even if a user shares a link to a file in the Brandbook via email or social media. This means that the content of a Brandbook is explicitly not visible to search engines.

Read-only mode should be considered a form of controlled access rather than private access. It is possible that a user with read-only access can share the Brandbook URL and the access code to other people. The Brandbook access code is just like a wifi password: only one access code is set on the Brandbook which means multiple people will have this code and it is not personalized for one specific user.

The access code for read-only access to the Brandbook can be changed at anytime. Changing the access code will immediately invalidate the previous access code.

Application login security

Brandbook.io monitors application logins for brute force attempts to gain access to our platform. Malicious attacks are blacklisted for a specific window of time. This reduces the changes that a bot will be able gain unauthorized access to user accounts and Brandbooks.

Brandbook.io stores only salted and hashed passwords in our database (e.g. no plain text passwords) using the Argon2 password hashing algorithm. This is currently the recommended way to securely store user passwords in a database.

https://password-hashing.net/

Application security

Brandbook.io uses an actively maintained web framework as the base of our platform. We proactively apply the latest security patches released by this web framework and monitor other application dependencies for security updates.

Server security

Brandbook.io is hosted on an actively supported base operating system. We monitor the security updates released by the operating system vendor and regularly apply these updates.

Brandbook.io is accessible for server configuration and management only with private key SSH connections — password-only logins are explicitly disabled. SSH access is only granted to a limited number of people who directly work on server configuration and server management. We use only modern and secure SSH public key types: RSA keys >= 2048 bits, ECDSA and Ed25519 keys. DSA and RSA keys < 2048 bits are not used because they are not secure.

Even with SSH password-only logins disabled, we monitor the SSH service for attempts to brute force our servers and proactively ban any malicious attack that is detected.

Hosting provider

Brandbook.io is currently hosted in the Netherlands and we are committed to keeping Brandbook.io hosted within the EU. This ensures that the Brandbook.io platform will always be subject to EU data protection laws.

Our current hosting provider is ISO 27001 ISO 9001 PCI-DSS NEN 7510 and ISAE 3402 Type I certified.

Last change: July 17, 2019