For the latest updates and information, please visit our Trust & Compliance Center (Password can be provided by your Customer Success Manager).
BRYTER follows procedures on an organizational and technical level that are trusted by banks, corporations, and law firms. As a GDPR-compliant company BRYTER hosts data on ISO 27001 certified providers in various locations (EU, US, Canada). To ensure maximum safety of your data BRYTER uses multiple layers of protection to provide a safe platform infrastructure. These layers include:
- Usage of password policies, to ensure that nobody except you will ever get access to your account.
- Inbound and outbound protection using firewalls and intrusion detection systems.
- Separation of application servers and databases.
- Daily backups which are stored on physically separated servers and encrypted using 256bit AES. We also test the process of backup restoration on a weekly basis.
- Data encryption at rest, which is stored in our databases and backups is encrypted using 256bit AES.
- Data encryption at transit, which traverses through the internet to your frontend and backend (encrypted using TLS1.2).
- Two-factor authentication, which we offer on request in combination with a mobile application like FreeOTP or Google Authenticator. These create a one-time password (OTP) that you will enter in your Web Browser to log in.
External network traffic
To prevent unauthorized traffic, external network perimeters are hardened and configured. Ports and protocols are limited to those with specific business purposes. Traffic from the public internet is only allowed through a high availability load balancer, which distributes tasks across application servers, and only allows TCP traffic on specific ports.
Application architecture diagram and data flows
Network architecture diagram
Inbound and outbound protection
Using firewalls and intrusion detection systems, communication is limited to strictly allowed systems. An intrusion prevention system monitors the network for malicious activity.
Separation of application servers and databases
Web and application servers are separated from corresponding database servers via firewalls and separate physical hardware. Traffic between all components is limited to the minimum.
BRYTER's customer data is logically segregated in the service environment. There is no way to pass data between different customer tenants. If physical segregation is required, please contact your customer success manager.
Backups are performed daily and are stored on physically separated servers together with their log data. They are encrypted using 256bit AES. The process of restoration is tested at least once a week.
When you log into BRYTER for the first time, you are asked to create your personal password. To ensure maximum safety, we recommend the following password guidelines.
- Never disclose your password to others, including management and system administrators.
- Avoid storing your password in an automated log-on system (e.g. macro or browser).
- Never write down your password and never distribute your password through any channel (by oral, written, or electronic distribution like E-Mail). If such a case occurred, change your password immediately.
- Use a unique password for every service. Tools like 1Password may help you generate unique passwords and enhance your level of security using digital products and services.
Here are guidelines for strong passwords, you should have:
- a password length of at least twelve characters
- at least one numeric character
- at least one uppercase and at least one lowercase alphabetic character
- at least one special character
- a password must not be a dictionary word, dialectal or jargon word from any language, or any of these words written backward
- passwords must not be based on personal data (e.g. date of birth, address, name of a family member, etc.)
BRYTER uses multiple types of encryption, depending on the given scenario.
- Encryption at rest, including backup: 256bit AES
- Encryption in transit: TLS1.2
- Encryption for user passwords: pbkdf2
- Encryption for module passwords: BCrypt
- SSL Grade: Grade A+ (ssllabs.com/ssltest)
In case of an incident or malfunction
In case of an incident don’t hesitate to contact us:
- Support e-mail: firstname.lastname@example.org
- Emergency number: (+49) 30 50930213