Security Without Guesswork
Policies, encryption, access control and privacy. Clear answers, no fluff.
Principles
Data ownership
Your content remains yours. We don’t sell customer data.
Least privilege
Access is designed to be role-based and limited to what’s needed.
Defense in depth
Multiple layers: access control, encryption, and monitoring.
Transparency
We answer security questionnaires and share details during review.
Data handling
We minimize data, separate concerns, and keep customer content isolated by design.
What we store
- ✓ Account and workspace data
- ✓ Content and knowledge entries you create
- ✓ Operational logs needed to run the service
Retention & deletion
- ✓ We retain data only as needed for the service
- ✓ Deletion requests can be handled through support / during offboarding
- ✓ Backups follow a defined retention policy (details on request)
Subprocessors
- ✓ A list of subprocessors can be provided during security review
Access control
Access is designed around roles and accountability.
Role-based access
Permissions are assigned by role to reduce risk.
Auditability
We keep operational logging to support investigation when needed.
Secure authentication
We support secure sign-in patterns. Advanced options can be discussed during review.
If you require SSO, ask during review.
Encryption
We use encryption in transit and at rest to protect data. Implementation details can be shared during a security review.
- Data is protected while transmitted
- Data is protected while stored
- Keys and access are managed with least-privilege principles
Privacy
We process personal data only to provide the service. We can provide a Data Processing Agreement (DPA) and subprocessor details on request.
- ✓ Purpose limitation: service delivery
- ✓ No selling of customer data
- ✓ Access limited to support and operations when needed
This page is not legal advice. See Privacy Policy for details.
AI & customer data
If external AI providers are used, data is processed only to deliver the requested functionality. We minimize what is sent and avoid unnecessary retention where possible.
- Minimization: send only what’s needed
- Isolation: customer context is not shared across tenants
- Transparency: we can explain what data is used for which feature
Exact provider and retention settings depend on deployment.
Operational security
Monitoring
We monitor service health and security signals to detect issues.
Incident response
We follow an incident process and communicate relevant updates.
Vulnerability reporting
If you find an issue, report it responsibly. We’ll respond and prioritize fixes.