At Brick, security is not just a feature—it’s a foundation. Our infrastructure, protocols, and internal practices are designed to meet the highest global standards in data protection, ensuring your business and users remain safe at all times.
🛡️ Industry Certifications & Standards
- ISO/IEC 27001:2013 Certified
  Brick complies with globally recognized standards for information security management systems.
- NIST-Compliant Cryptography
  We follow recommendations from the National Institute of Standards and Technology (NIST):
  - Use of AES-256 for secure data encryption.
  - Implementation of password strength controls per NIST SP 800-63B guidelines.
- OWASP Best Practices
  Our application layer is secured based on the Open Web Application Security Project (OWASP) standards to defend against the top 10 most common web vulnerabilities.
🔒 Key-Based Encryption Architecture
We employ a custom, multi-party encryption model that ensures no single party—including Brick—can access user data without authorization.
Encryption key distribution is as follows:
| Component | Stored By | Description |
|---|---|---|
| userSecret | End-user's personal device | Tied to the user, accessible only on their device |
| appSecret | Your (client’s) private servers | Controlled by your business |
| Encrypted Private Key | Brick's secure servers | Unique per client, stored encrypted |
To decrypt user data, all three components must be combined. This means:
Even Brick cannot access unencrypted user data—not even in the event of a breach.
What This Means for You
- Even if Brick’s database were compromised, user data would remain encrypted and unusable.
- Brick employees, engineers, and even founders cannot access raw user data.
- Access to a user's data would require physical access to the user’s device, your app server, and Brick’s encrypted database—an exceedingly improbable scenario.
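The page does not say how the three components are combined. As an added illustration (not Brick's code), one common construction derives a key-encryption key from userSecret and appSecret with HKDF and uses it to unwrap the stored private key, so the stored blob alone is useless. The HMAC-based encrypt-then-MAC wrapper is a standard-library stand-in for AES-256-GCM, and all function names and sample values are assumptions.

```python
import hashlib, hmac, os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_keys(user_secret: bytes, app_secret: bytes, salt: bytes):
    # Length-prefix each secret so (b"ab", b"c") and (b"a", b"bc") differ.
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in (user_secret, app_secret))
    okm = hkdf_sha256(ikm, salt, b"example-kek-v1", 64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Assumption: stand-in for AES-256-GCM, HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(private_key: bytes, user_secret: bytes, app_secret: bytes) -> bytes:
    """Produce the blob the service would store: salt | nonce | ct | tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(user_secret, app_secret, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unwrap(blob: bytes, user_secret: bytes, app_secret: bytes) -> bytes:
    """Recover the private key; fails unless both secrets match the blob."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(user_secret, app_secret, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed sample values, not real secrets.
USER_SECRET, APP_SECRET = b"device-held-secret", b"client-server-secret"
SAMPLE_KEY = b"\x01" * 32
```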
✅ Going Beyond Industry Norms
Most platforms store encryption keys on their own servers—accessible by internal teams. Brick’s decentralized encryption architecture ensures:
- Zero internal access
- Zero tolerance for key sharing
- Maximum protection, by design
Security is in our DNA. With Brick, you’re not just integrating a platform—you’re choosing a partner that treats your users' data like its own: with uncompromising care.
