Our Commitment to Security

At Bracket, protecting customer data is a core priority. We design our systems and internal processes with security in mind, following industry best practices and a risk-based approach to security management.

We are preparing for a SOC 2 audit focused on security controls and continuously improving our security posture as the company scales.

Security Practices

Access Control

Access to systems and data is restricted to authorised personnel and follows the principle of least privilege. Multi-factor authentication is enforced for all employee accounts.

Data Protection

Customer data is encrypted in transit using industry-standard protocols and encrypted at rest using cloud-provider managed encryption mechanisms.

Monitoring & Logging

We monitor systems for security-relevant events and maintain audit logs to support detection, investigation, and response activities.

Incident Response

We maintain an incident response process for identifying, investigating, and responding to security incidents in a timely manner.

Internal Security

Company devices and accounts are protected using centralised identity, device management, and endpoint security controls. Security policies define requirements for device management, authentication, and acceptable use.

Infrastructure Security

Our platform is hosted on cloud infrastructure with layered security controls to protect systems and data.

Third-Party Risk

We perform security reviews of key third-party service providers and cloud vendors supporting our platform.

Compliance & Privacy

We align our practices with recognised industry security frameworks and applicable data protection regulations. Our Privacy Policy describes how we collect, use, and protect personal data.