Overview

Given that our platform exclusively handles public data and our API does not process any PII or sensitive customer information, we have not prioritized SOC2 certification at this time. However, our enterprise customers, including leading multinational banks, continue to trust and work with us, recognizing the security context of our public-data model and our SOC2–compliant handling of internal systems and infrastructure.

User Data & PII

  • Minimal PII Storage: Brandfetch does not collect or store Personally Identifiable Information (PII) beyond login email addresses for passwordless authentication.
  • Logging: We retain logs for up to 90 days for operational purposes. These may include IP addresses and User-Agent strings, which typically reflect server infrastructure rather than individual users.

API Data Handling

  • Public Data Only: The Brandfetch API strictly processes publicly available data tied to domain names. It does not access, store, or interact with any private or customer-owned data.
  • Data Processing Workflow: Our API indexes, processes, and enhances publicly available brand data, making it accessible for our customers. At no point does the API interact with private data.

Security Measures

  • Data Encryption: We utilize AES-256 encryption for data at-rest and TLS for data in-transit, ensuring end-to-end security.
  • Secure Infrastructure: Our development, staging, and production environments are hosted on Amazon Web Services (AWS), which offers secure, resilient hosting with 24x7 security and compliance certifications.
  • Best Development Practices: Our software development lifecycle adheres to OWASP best practices, incorporating human review processes enhanced by AI to maintain high quality standards.

Book a Call

Have questions about security, want to discuss enterprise usage, or need help optimizing your API integration?
Book a call with our team to get started.