Question 1

How is my MSP data protected?

Accepted Answer

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. We implement row-level security (RLS) in our database to ensure complete tenant isolation. Your data is backed up daily with point-in-time recovery capabilities. We never access your data except when explicitly authorized for support purposes.

Question 2

Where is my data stored?

Accepted Answer

Your data is stored in Digital Ocean data centers in the United States. All infrastructure is SOC 2 Type II certified. We use PostgreSQL for our database, which provides enterprise-grade security, automatic backups, and high availability. Data is replicated across multiple availability zones for redundancy.

Question 3

How do you handle integration credentials?

Accepted Answer

Integration credentials (API keys, OAuth tokens) are never stored in plaintext. They are encrypted using AES-256 with tenant-specific encryption keys before storage. The encryption keys themselves are managed through a secure key management system. We use OAuth 2.0 where possible to avoid storing passwords.

Question 4

What happens if there is a security incident?

Accepted Answer

We have a documented incident response plan with defined procedures for detection, containment, eradication, and recovery. In the event of a security incident affecting your data, we will notify you within 72 hours as required by GDPR. We maintain cyber insurance and have relationships with forensic and legal experts.

Question 5

Can I get a copy of your SOC 2 report?

Accepted Answer

Yes, our SOC 2 Type II report is available to customers and prospects under NDA. Please contact us at security@brainstormmsp.ai to request a copy. The report covers our security, availability, and confidentiality controls as audited by an independent third party.

Question 6

Do you conduct penetration testing?

Accepted Answer

Yes, we conduct annual penetration tests by independent security firms. We also run continuous vulnerability scanning and participate in a responsible disclosure program. Critical vulnerabilities are patched within 24 hours, and all findings are tracked to resolution.

Enterprise-Grade Security

How We Protect Your Data

End-to-End Encryption

Zero-Knowledge Architecture

Multi-Tenant Isolation

Audit Logging

SOC 2 Type II

GDPR Compliant

Security FAQ

Questions About Security?