BSBT logo

Security

Overview

At bsbt.net, we take security seriously. We are committed to protecting the confidentiality, integrity, and availability of our systems and data. This page outlines the key practices and policies we follow to safeguard our platform and users.

Data Protection

All user data is encrypted in transit using TLS 1.3 and at rest with AES-256. We perform regular backups with encryption and store them in geographically redundant locations. Access to production data is restricted to authorized personnel only and is logged for audit purposes.

Infrastructure Security

Our infrastructure is hosted on industry-leading cloud providers that maintain SOC 2 Type II and ISO 27001 certifications. We enforce network segmentation, use managed firewalls, and continuously monitor for vulnerabilities. Systems are patched automatically within 24 hours of critical updates being released.

Access Controls

We enforce multi-factor authentication (MFA) for all internal accounts and encourage users to enable MFA on their profiles. Role-based access control (RBAC) ensures employees only have the minimum permissions necessary. Privileged actions require additional approval workflows and are logged.

Secure Development

Security is integrated into every stage of our software development lifecycle. Code changes undergo automated static analysis, dependency scanning, and peer review before deployment. We run quarterly penetration tests and maintain a bug bounty program to identify and remediate vulnerabilities.

Incident Response

We maintain a 24/7 incident response plan with defined escalation paths. Security events are monitored continuously, and critical incidents trigger immediate containment and remediation procedures. Customers will be notified within 72 hours if their data is affected by a confirmed breach.

Compliance & Certifications

bsbt.net undergoes annual third-party audits to maintain compliance with GDPR, CCPA, and industry standards. We are actively working toward SOC 2 Type II certification, with the audit scheduled for completion in Q4 2026.