Security & Data Handling

How we protect your brand data and our operations

Brandefense handles evidence from phishing investigations — screenshots, domain data, registrar communications. We treat this data with the discipline it requires: encrypted in transit and at rest, least-privilege access, documented chain of custody, and periodic deletion.

Data handling

Encryption and data residency

Encryption at rest

All takedown evidence — screenshots, WHOIS captures, registrar correspondence — is stored in AES-256 encrypted databases. Encryption keys are managed using envelope encryption with hardware security module (HSM) backing.

Encryption in transit

All API endpoints and web traffic run over TLS 1.3. HTTPS is enforced with HSTS headers. Internal service-to-service communication is encrypted with mTLS.

Data residency

Customer brand data, takedown evidence archives, and account information are stored in US-region infrastructure only. No data is processed or stored in cross-border infrastructure without explicit customer consent.

Access controls

Access across all internal systems is role-based and least-privilege. Production access is logged and auditable. Employee access is reviewed quarterly. Offboarding includes immediate access revocation across all systems.

Operational security

Takedown evidence chain of custody

Detection & capture

When a threat is detected, Brandefense immediately captures timestamped screenshots, DNS records, WHOIS data, and any available kit signatures. These are stored in the customer's evidence archive with SHA-256 hash verification.

Registrar contact

Abuse templates include hash-linked evidence references. Registrar responses — including ticket IDs and acknowledgment timestamps — are stored alongside the original evidence package, creating a full chain of custody record.

Resolution & deletion

After a takedown is confirmed (domain suspended / channel removed), evidence is retained for 12 months for potential legal proceedings, then securely deleted per our data-retention policy. Customers may request export of their evidence archive at any time.

Compliance posture

Designed with SOC 2 controls — Type II audit in progress

We operate with security controls aligned to the SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). We are in active preparation for a formal Type II audit. We do not claim certification until it is independently verified.

Security criterion

Logical access controls, encryption, network segmentation, and vulnerability management procedures are aligned to the SOC 2 CC6 and CC7 criteria.

Availability criterion

Infrastructure monitoring, automated alerting, and documented incident response procedures are designed to maintain service availability targets for SLA commitments.

Confidentiality criterion

Customer brand intelligence, takedown evidence, and account data are treated as confidential. An NDA is available, data processing agreements are provided on request, and a sub-processor list is maintained.

Vulnerability disclosure

Security researchers may report vulnerabilities to [email protected]. We acknowledge within 48 hours and commit to coordinated disclosure within 90 days of receipt.
