Security Overview

Last updated: 2026-05-16

This page summarises the technical and organisational measures that BrightSumo applies to the website at brightsumo.co and the supporting systems used to operate it. It is a transparency summary and not a binding security commitment; specific contractual commitments for our products are set out in their respective agreements and data processing addenda.

Effective date: 2026-05-16.

1. Governance

  • A named individual is accountable for information security and privacy across BrightSumo.
  • Information security responsibilities are documented and reviewed at least annually.
  • Material vendors are reviewed before engagement and re-reviewed periodically.
  • An incident response process is in place for security and privacy events.

2. Infrastructure and hosting

  • The website is hosted on reputable cloud infrastructure with hardened defaults.
  • Traffic is served over HTTPS using modern TLS configurations; HTTP requests are redirected to HTTPS.
  • A content delivery network is used for caching, request routing, and basic bot mitigation.
  • Production and non-production environments are logically separated.

3. Access control

  • Access to systems is granted on a least-privilege basis and tied to individual accounts.
  • Multi-factor authentication is required for administrative access where the platform supports it.
  • Access is reviewed periodically and revoked promptly upon role change or departure.
  • Production credentials are stored in a managed secrets store and are not committed to source control.

4. Software development

  • Source code is maintained in a version-controlled repository with branch protection on the main branch.
  • Changes are reviewed before deployment.
  • Dependencies are tracked and patched on a regular cadence, with priority given to security advisories.
  • Static configuration is audited for secrets before being merged.

5. Data handling

  • This website collects only the minimum personal data needed to operate the site and respond to inquiries (see Privacy Policy).
  • Personal data is encrypted in transit. Where stored, it is encrypted at rest by the underlying cloud service.
  • Retention windows are documented in the Privacy Policy and enforced through periodic deletion.
  • We do not sell personal data, and we do not share it for cross-context behavioural advertising.

6. Monitoring and logging

  • Server, edge, and application logs are collected to support diagnostics and security investigations.
  • Anomalous activity, such as repeated authentication failures or denial-of-service patterns, triggers automated mitigations through the CDN.
  • Logs are retained for a finite period appropriate to the system.

7. Backups and resilience

  • This is a primarily static website; its content is recoverable from source control and rebuildable on demand.
  • Where dynamic data is stored, the underlying provider offers managed backups and point-in-time recovery.
  • Restoration procedures are documented for the systems we operate.

8. Incident response

  • Suspected security or privacy incidents are triaged promptly upon detection.
  • Investigations identify scope, root cause, and required remediation.
  • Affected individuals, customers, and supervisory authorities are notified where required by applicable law and any contractual commitments.
  • Post-incident reviews are conducted to reduce the likelihood of recurrence.

9. Sub-processors

Vendors that may have access to personal data we control are listed on our Sub-processors page. Each is engaged under appropriate contractual safeguards.

10. Responsible disclosure

If you believe you have found a security vulnerability, please report it to hello@brightsumo.co with the subject "Security disclosure". Please do not exploit the vulnerability beyond what is necessary to verify it, do not access data that is not yours, and give us a reasonable opportunity to remediate before any public disclosure. We will acknowledge legitimate reports and work in good faith with researchers acting responsibly.

11. Contact

Security or compliance questions? Email hello@brightsumo.co.


This document is provided for transparency. It is not legal advice. If you have a question about it, contact us at hello@brightsumo.co.

© 2026 BrightSumo. All rights reserved.