Security & Trust

At Brand Ninja, protecting our customers’ data is fundamental to our mission.

We design every part of our platform with privacy, integrity, and availability in mind — following the same security standards trusted by leading SaaS providers worldwide.

Our Security Principles

  1. Security by Design – Every new feature undergoes threat modelling and code review before release.
  2. Least-Privilege Access – Access to systems and data is restricted by role and continuously reviewed.
  3. Defense in Depth – Multiple layers of technical and organizational controls protect data end-to-end.
  4. Continuous Monitoring – Automated alerts, logging, and audit trails ensure visibility and rapid response.

Data Encryption

  • In Transit: All traffic between browsers, APIs, and AWS services is encrypted using TLS 1.2+ with HSTS and strong cipher suites.
  • At Rest: Customer data stored in Amazon DynamoDB and Amazon S3 is encrypted using AES-256 via AWS KMS-managed keys (SSE-KMS).
  • Key Management: Encryption keys are managed and rotated automatically by AWS Key Management Service, with access logged through AWS CloudTrail.

Infrastructure Security

  • Hosted entirely on Amazon Web Services (AWS) in data centers compliant with ISO 27001, SOC 2, and PCI DSS, located in Sydney and other approved regions.
  • CI/CD pipelines enforce code signing, dependency scanning, and secret-detection gates.
  • All data backups are encrypted and tested regularly for recovery integrity.

Application Security

  • Static and dynamic code analysis on every build.
  • Multi-factor authentication (MFA) enforced for admin and engineering accounts.
  • Continuous vulnerability scanning and patch management across all environments.

Operational Security

  • Centralized identity management via AWS IAM and SSO with strict password and session controls.
  • All production access is audited and logged.
  • Change-management procedures track every deployment and infrastructure modification.
  • Incident response plan aligned with the Notifiable Data Breaches (NDB) scheme and ISO 27001 A.16 guidelines.

Privacy & Compliance

  • Compliant with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth).
  • Optional data residency within Australia for enterprise customers.

Reliability & Uptime

  • Deployed across multiple AWS availability zones with automated failover.
  • Continuous monitoring of uptime, latency, and system health via AWS CloudWatch.
  • Public status page (coming soon) to provide real-time operational transparency.

Responsible Disclosure

We welcome reports of potential vulnerabilities.

If you believe you’ve discovered a security issue, please email security@brandninja.ai.

We’ll acknowledge your report within one business day and work promptly to resolve the issue.

Questions or Requests

Need a security questionnaire completed, or proof of compliance for procurement?

Contact our Security & Compliance Team at:

📧 security@brandninja.ai