Enterprise-grade security
Cloud Security
We follow cloud-native security best practices, implement continuous code delivery, system and network monitoring, and vulnerability assessments. Changes are highly automated and require strong authentication.
Asset Security
Our multi-party control eliminates single points of failure and improves resilience against loss or compromise of individual private keys. Multiple signers using cold wallets are required to perform all sensitive functions.
Identity & Access Controls
Multi-factor authentication (MFA) and strong password policies ensure access to cloud services are protected. Access to production systems require phishing-resistant hardware security keys.
Third-Party Audits
Our organization undergoes independent third-party assessments to test our security. Our smart contracts are audited by CertiK.
Monitoring & Risk Management
Brale conducts regular risk assessments, reviewing and updating our security policies as needed. We utilize continuous monitoring to identify and respond to events and audit logs allow us to reconstruct events after they occur.
Encryption Key Management
We use envelope encryption backed by key management service (KMS) hardware security modules (HSMs) and automated quarterly key rotation to keep your data safe.
Organizational Security
Our Information Security Program follows the guidance set forth by the SOC2 Security Trust Services Criteria. All employees undergo rigorous background checks and are subject to ongoing screening and security training throughout their employment.
Contact Us
If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@brale.xyz. We believe in responsible disclosure and support it through a collaborative and communicative process with reporters.