Overview
Security and protection of your data are our top priorities. We implement robust security measures that meet industry best practices to ensure your information is protected from unauthorized access, loss, or misuse.
This page provides transparent information about our security practices, how you can report security issues, and how we respond to security incidents.
Reporting Security Issues
If you discover a security vulnerability in our systems, please report it responsibly. We value the contributions of the security community and are committed to addressing all reported issues as quickly as possible.
Security Contact
Email: security@berelevant.ai
RFC 9116: /.well-known/security.txt
Reporting Guidelines
- Provide a detailed description of the vulnerability
- Include steps to reproduce the issue
- Describe the potential impact of the security issue
- Keep the issue confidential until we have resolved it
Our Commitment
We will acknowledge receipt of your report within 48 hours and keep you regularly informed of progress towards resolving the issue.
Security Measures
We have implemented a multi-layered security approach to protect your data at all levels of our infrastructure.
Data Encryption
- TLS 1.3 for all data transmitted over the internet
- AES-256 encryption for data at rest
- HTTP Strict Transport Security (HSTS) enforced
Authentication & Access
- Bcrypt hashing for passwords (cost factor 12)
- Multi-factor authentication (MFA) support
- OAuth 2.0 integration with trusted providers
- Secure session management with automatic logout
Infrastructure Security
- Hosted on enterprise-grade cloud infrastructure (Vercel, Supabase)
- Configurable firewalls and security groups
- DDoS protection and rate limiting
- Automated backups with encryption and geographic redundancy
Application Security
- Strict input validation and sanitization
- Cross-Site Scripting (XSS) protection
- CSRF tokens for all state-changing operations
- Parameterized queries to prevent SQL injection
- Content Security Policy (CSP) headers
Monitoring & Logging
- Real-time security monitoring
- Comprehensive audit logs of all security events
- Automated alerts for suspicious activities
- Regular security audits and penetration testing
Compliance & Certifications
Our platform is designed to meet international security standards and regulatory requirements.
GDPR
Full compliance with the EU General Data Protection Regulation (GDPR)
ISO 27001
Our security practices align with the ISO 27001 framework (certification planned)
OWASP Top 10
Protection against all OWASP Top 10 security risks
PCI DSS
Payment processing through PCI DSS compliant provider (Stripe)
Third-Party Security
We only work with trusted service providers who maintain strict security standards.
Stripe
Payment processing
PCI DSS Level 1 certified, SOC 2 Type II compliant
Supabase
Database and authentication
SOC 2 Type II compliant, GDPR ready
Vercel
Hosting and CDN
SOC 2 compliant, ISO 27001 certified
All third-party service providers are regularly reviewed and must meet our security requirements.
Incident Response
We have established a comprehensive incident response plan for quickly addressing any security issues.
1. Detection
Continuous monitoring to identify potential security incidents
2. Assessment
Rapid assessment of incident severity and impact
3. Containment
Immediate steps to contain and isolate the security issue
4. Notification
Notification to affected users and relevant authorities as required by GDPR (within 72 hours)
5. Recovery
Restoration of normal operations with implemented fixes
6. Post-Incident
Thorough analysis to identify root causes and prevent future incidents
Security Acknowledgments
We would like to thank security researchers and ethical hackers who have responsibly disclosed vulnerabilities.
Currently, no security issues have been reported.
Security Contact
If you have any security questions or concerns, please don't hesitate to contact us.
- Security issues: security@berelevant.ai
- Security.txt: /.well-known/security.txt
- General inquiries: support@berelevant.ai