At Brick, security is our top priority. We enable world-class data security, using a three-point failure system with industry-grade encryption to protect user data. A combination of 4096-bit RSA keys and 256-bit AES keys is used for encryption.
A custom-built secure user login flow and encryption setup distributes a set of encryption keys between three different parties:
- userSecret - stored on the user’s personal device
- appSecret - stored on the client’s private servers
- Encrypted Private key - stored with Brick on a secure database and is unique to each client
Each Brick client is issued a unique encryption key, and all three keys - userSecret, appSecret, and Protected Private key (the Encrypted Private key listed above) - need to come together to access a single user's data. This results in no single party having access to unencrypted data.
What this means is that a compromise of all three parties involved, including physical access to the user's device, is required to access the information of one user. Even in the worst-case scenario of a breach in Brick's security or a complete database leak, user data is protected since Brick always stores sensitive data encrypted. No one at Brick, including employees and founders, has access to user information.
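One way a three-party split like this can be built, as an added illustration that is not Brick's code. The page does not say how the keys are combined, so the HKDF-SHA256 derivation, the AES-256-GCM wrapping, RSA-OAEP, and all function names here are assumptions.

```javascript
// Added illustration, not Brick's implementation. Assumed design: a key-encryption
// key (KEK) is derived from userSecret + appSecret, and wraps the RSA private key.
const crypto = require('node:crypto');

// The KEK depends on both secrets; neither one alone reproduces it.
function deriveKek(userSecret, appSecret, salt) {
  const h = (s) => crypto.createHash('sha256').update(s).digest();
  const ikm = Buffer.concat([h(userSecret), h(appSecret)]);
  return Buffer.from(crypto.hkdfSync('sha256', ikm, salt, 'private-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on a wrong key
}

// Server-side record: only the wrapped private key and the public key are stored.
function enroll(userSecret, appSecret, modulusLength = 4096) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = crypto.randomBytes(16);
  const kek = deriveKek(userSecret, appSecret, salt);
  return { publicKey, salt, wrapped: seal(kek, Buffer.from(privateKey)) };
}

// Hybrid encryption: a fresh AES-256 data key per item, wrapped with RSA-OAEP.
function encryptForUser(record, data) {
  const dataKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: record.publicKey, oaepHash: 'sha256' }, dataKey);
  return { wrappedKey, body: seal(dataKey, Buffer.from(data)) };
}

// Decryption needs the stored record plus both secrets from the other two parties.
function decryptForUser(record, blob, userSecret, appSecret) {
  const kek = deriveKek(userSecret, appSecret, record.salt);
  const privateKey = open(kek, record.wrapped).toString();
  const dataKey = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, blob.wrappedKey);
  return open(dataKey, blob.body).toString();
}
```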
With this architecture, Brick goes above and beyond other commercial companies. While most companies also encrypt data and place restrictions on accessing data, user data is still accessible by verified employees and can be compromised since companies store their own encryption keys. Brick's decentralized approach in distributing the encryption keys and leaving no room for internal access to user data goes the extra mile in ensuring data security.
Updated 6 months ago