Security at Brick
At Brick, security is our top priority. We presenting world class data security which has also been certified ISO/IEC 27001:2013, We are enable recommendations from NIST's Federal Information Processing Standards (FIPS) with secure cryptographic AES-256 and implement proper password strength controls NIST SP 800-63B
In Applications layer we implement recommendations from The Open Web Application Security Project ® (OWASP)
A custom-built secure user login flow and encryption setup distributes a set of encryption keys between three different parties:
userSecret - stored on the user’s personal device
appSecret - stored on the client’s private servers
Encrypted Private key - stored with Brick on a secure database and is unique to each client
Each Brick client is issued a unique encryption key and all three keys - userSecret, appSecret, and Protected Private key - need to come together to access a single user's data. This results in no single party having access to unencrypted data.
What this means is that a compromise of all three parties involved, including physical access to the user's device, is required to access the information of one user. Even in the worst-case scenario of a breach in Brick's security or a complete database leak, user data is protected since Brick always stores sensitive data encrypted. No one at Brick, including employees and founders, has access to user information.
With this architecture, Brick goes above and beyond other commercial companies. While most companies also encrypt data and place restrictions on accessing data, user data is still accessible by verified employees and can be compromised since companies store their own encryption keys. Brick's decentralized approach in distributing the encryption keys and leaving no room for internal access of user data goes the extra mile in ensuring data security.
Updated 9 months ago