Security Overview
BeRelevant takes security seriously. We are committed to protecting your data and privacy through modern security practices and continuous monitoring.
Our security program includes regular code reviews, penetration testing, and team training to maintain a high standard of protection for all users.
Reporting Security Issues
If you have discovered a security vulnerability, please contact us immediately. Responsible disclosure helps us protect all users.
Contact Our Security Team
Email: admin@berelevant.now
security.txt: berelevant.now/.well-known/security.txt
Reporting Guidelines
- Provide a detailed description of the vulnerability
- Include steps to reproduce the issue
- Describe the potential impact of the vulnerability
- Keep it confidential until a fix is released
Our Response Commitment
We will acknowledge receipt within 48 hours, keep you updated on progress, and credit you in our acknowledgments upon public disclosure if you wish.
Security Measures
We implement a multi-layered security architecture to protect your data at every point.
Encryption
- TLS 1.3 for all client-server communication
- Data at rest encrypted with AES-256
- HTTP Strict Transport Security (HSTS) across all domains
Authentication
- Passwords hashed with bcrypt and random salt
- Multi-factor authentication (MFA) support
- Secure OAuth 2.0 integration with Google
- Secure session management with automatic expiry
Infrastructure
- Hosted in SOC 2 certified data centres
- Web Application Firewall (WAF) and network segmentation
- DDoS attack protection
- Automated backups with recovery testing
Application Security
- Validation and sanitisation of all inputs
- Cross-site scripting (XSS) protection
- CSRF tokens on all forms
- Parameterised queries preventing SQL injection
- Content Security Policy (CSP) headers
Monitoring & Auditing
- Real-time security event monitoring
- Comprehensive audit logs
- Automated alerts on suspicious activity
- Regular security audits and penetration tests
Compliance & Certifications
We adhere to relevant security standards and regulations to protect your data.
GDPR
Full compliance with the EU General Data Protection Regulation for European users.
ISO 27001
Security practices aligned with the international standard for information security management.
OWASP Top 10
Regular testing and protection against the most common web vulnerabilities per OWASP guidelines.
PCI DSS
Payment data is processed exclusively through certified payment service providers (Stripe).
Third-Party Security
We carefully select partners and vendors who meet our security standards.
Stripe
Purpose: Payment processing
Certification: PCI DSS Level 1
Supabase
Purpose: Database and authentication
Certification: SOC 2 Type II
Vercel
Purpose: Hosting and CDN
Certification: SOC 2 Type II, ISO 27001
All vendors are regularly reviewed for security practices and regulatory compliance.
Incident Response
We have a defined incident response process ensuring rapid resolution and transparent communication.
Detection
Automated systems monitor security events 24/7 and immediately alert the security team.
Assessment
Rapid assessment of the severity and potential impact of the incident.
Containment
Immediate steps to limit the spread and minimise damage.
Notification
Affected users are notified within 72 hours in accordance with GDPR requirements.
Recovery
Systematic steps to restore normal operations and eliminate the root cause.
Post-Incident Analysis
Detailed root cause analysis and implementation of preventive measures to avoid recurrence.
Security Acknowledgments
We greatly value responsible disclosure from the security community. We thank researchers who have reported issues to us.
We currently have no public security acknowledgments.
Contact Us on Security Matters
For all security questions, vulnerability reports, or consultations, please contact us:
- Security team: admin@berelevant.now
- security.txt: berelevant.now/.well-known/security.txt
- General enquiries: info@berelevant.now