Brandfetch is SOC 2 Type 2 certified. You can access our report and security documentation at our Trust Center.

Overview

Brandfetch is SOC 2 Type 2 compliant, having completed an independent audit covering the Security trust service category. Our enterprise customers, including leading multinational banks, trust our platform for its security posture and our commitment to best-in-class data handling practices.

User Data & PII

  • Minimal PII Storage: Brandfetch does not collect or store Personally Identifiable Information (PII) beyond login email addresses for passwordless authentication.
  • Logging: We retain logs for up to 90 days for operational purposes. These may include IP addresses and User-Agent strings, which typically reflect server infrastructure rather than individual users.

API Data Handling

  • Public Data Only: The Brandfetch API strictly processes publicly available data tied to domain names. It does not access, store, or interact with any private or customer-owned data.
  • Data Processing Workflow: Our API indexes, processes, and enhances publicly available brand data, making it accessible for our customers. At no point does the API interact with private data.

Security Measures

  • Data Encryption: We utilize AES-256 encryption for data at rest and TLS for data in transit, ensuring end-to-end security.
  • Secure Infrastructure: Our development, staging, and production environments are hosted on Amazon Web Services (AWS), which offers secure, resilient hosting with 24x7 security and compliance certifications.
  • Best Development Practices: Our software development lifecycle adheres to OWASP best practices, incorporating human review processes enhanced by AI to maintain high quality standards.

Contact sales

Have questions about security, want to discuss enterprise usage, or need help optimizing your API integration?
Contact our sales team to get started.