Security at Brick
Security at Brick covers the controls, certifications, encryption model, access controls, and infrastructure safeguards Brick documents for API and dashboard integrations. Use this page to understand how Brick describes its security posture before planning production access, credential handling, callback processing, or data workflows.
Industry Certifications & Standards
- ISO/IEC 27001:2013 Certified
  Brick complies with globally recognized standards for information security management systems.
- NIST-Compliant Cryptography
  We follow recommendations from the National Institute of Standards and Technology (NIST):
  - Use of AES-256 for secure data encryption.
  - Implementation of password strength controls per NIST SP 800-63B guidelines.
- OWASP Practices
  Our application layer is secured based on the Open Web Application Security Project (OWASP) standards to defend against the top 10 most common web vulnerabilities.
Key-Based Encryption Architecture
We employ a custom, multi-party encryption model that ensures no single party—including Brick—can access user data without authorization.
Encryption key distribution is as follows:
| Component | Stored By | Description |
|---|---|---|
| userSecret | End-user's personal device | Tied to the user, accessible only on their device |
| appSecret | Your (client’s) private servers | Controlled by your business |
| Encrypted Private Key | Brick's secure servers | Unique per client, stored encrypted |
To decrypt user data, all three components must be combined.
What This Means for You
- Even if Brick’s database were compromised, user data would remain encrypted and unusable.
- Brick employees, engineers, and even founders cannot access raw user data.
- Access to a user's data would require the relevant key components from the user device, your app server, and Brick's encrypted database.
Key Handling Model
Brick's decentralized encryption architecture is designed to avoid a single internally accessible key path by separating key components across the user device, your app server, and Brick's encrypted storage.
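The three-component model in the key distribution table and the Key Handling Model above, as an added illustration that is not Brick's own implementation: it assumes the encrypted private key held on Brick's side is the client's private key wrapped under a key derived from userSecret and appSecret together, so the stored blob is useless without both secrets and the two secrets are useless without the blob. HKDF-SHA256 and the HMAC-based authenticated cipher are standard-library stand-ins for the AES-256 the page names; all function names and the constructed sample secrets are hypothetical.

```python
"""Added example: a three-component key model (userSecret, appSecret, wrapped private key).
Not Brick's code; the construction and names are assumptions made for illustration."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
NONCE_LEN = 16
TAG_LEN = 32


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-and-expand with HMAC-SHA256, standard library only."""
    prk = hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; an illustrative stand-in for AES-256."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), HASH).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: keystream XOR, then an HMAC tag over nonce + ciphertext."""
    enc_key = hkdf(key, b"", b"enc")
    mac_key = hkdf(key, b"", b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, HASH).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; a wrong component fails here."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key = hkdf(key, b"", b"enc")
    mac_key = hkdf(key, b"", b"mac")
    expected = hmac.new(mac_key, nonce + ciphertext, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key components or tampered blob")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def _key_encryption_key(user_secret: bytes, app_secret: bytes) -> bytes:
    """Derive the wrapping key from BOTH secrets; length prefixes prevent boundary ambiguity."""
    ikm = (len(user_secret).to_bytes(2, "big") + user_secret
           + len(app_secret).to_bytes(2, "big") + app_secret)
    return hkdf(ikm, salt=b"multi-party-kek", info=b"key-encryption-key")


def wrap_private_key(user_secret: bytes, app_secret: bytes, private_key: bytes) -> bytes:
    """The blob the server-side store would hold: the private key wrapped under KEK(user, app)."""
    return seal(_key_encryption_key(user_secret, app_secret), private_key)


def unwrap_private_key(user_secret: bytes, app_secret: bytes, encrypted_private_key: bytes) -> bytes:
    """Recover the private key; succeeds only with the blob AND both secrets."""
    return unseal(_key_encryption_key(user_secret, app_secret), encrypted_private_key)


def can_decrypt(user_secret: bytes, app_secret: bytes, encrypted_private_key: bytes) -> bool:
    """True only when every component is correct and the blob is untampered."""
    try:
        unwrap_private_key(user_secret, app_secret, encrypted_private_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    user_secret = secrets.token_bytes(32)   # constructed: lives on the end-user's device
    app_secret = secrets.token_bytes(32)    # constructed: lives on the client's own servers
    private_key = secrets.token_bytes(32)   # constructed: per-client key material
    stored_blob = wrap_private_key(user_secret, app_secret, private_key)  # what the server store holds
    print("all three components:", unwrap_private_key(user_secret, app_secret, stored_blob) == private_key)
    print("blob + appSecret only:", can_decrypt(secrets.token_bytes(32), app_secret, stored_blob))
    print("blob + userSecret only:", can_decrypt(user_secret, secrets.token_bytes(32), stored_blob))
```

Because the tag is checked before any plaintext is released, a wrong userSecret, a wrong appSecret or a modified blob all produce an explicit error rather than garbage, which is the property the "What This Means for You" list describes: the stored blob on its own, or either secret on its own, yields nothing. In production the stand-in cipher would be replaced by AES-256-GCM from a vetted library, with the same derive-then-authenticate structure.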
