Enterprise-grade security

Cloud Security

We follow cloud-native security best practices, implement continuous code delivery, system and network monitoring, and vulnerability assessments. Changes are highly automated and require strong authentication.

Asset Security

Our multi-party control eliminates single points of failure and improves resilience against loss or compromise of individual private keys. Multiple signers using cold wallets are required to perform all sensitive functions.

Identity & Access Controls

Multi-factor authentication (MFA) and strong password policies ensure access to cloud services are protected. Access to production systems require phishing-resistant hardware security keys.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security. Our smart contracts are audited by CertiK.

Monitoring & Risk Management

Brale conducts regular risk assessments, reviewing and updating our security policies as needed. We utilize continuous monitoring to identify and respond to events and audit logs allow us to reconstruct events after they occur.

Encryption Key Management

We use envelope encryption backed by key management service (KMS) hardware security modules (HSMs) and automated quarterly key rotation to keep your data safe.

Organizational Security

Our Information Security Program follows the guidance set forth by the SOC2 Security Trust Services Criteria. All employees undergo rigorous background checks and are subject to ongoing screening and security training throughout their employment.

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@brale.xyz. We believe in responsible disclosure and support it through a collaborative and communicative process with reporters.