Security & Trust (Overview)

This page provides an overview of Brwse’s security practices. It is for informational purposes and does not modify the Agreement or create additional commitments unless expressly stated in an Order Form.

1) Shared responsibility

Security is a shared responsibility:

• We are responsible for securing the infrastructure and Services we operate.
• Customers are responsible for securing their accounts, configurations, and the Customer Content they choose to submit (including managing Authorized User access).

2) Security principles

Our security program is designed around:

• Least-privilege access controls;
• Defense-in-depth;
• Auditability and monitoring; and
• Secure development practices.

3) Technical and organizational measures (examples)

Depending on the deployment and product components, we may use measures such as:

• Encryption in transit (TLS) and encryption at rest where feasible;
• Role-based access controls and MFA for administrative access;
• Centralized logging and alerting for security events;
• Vulnerability scanning and patch management;
• Backups and recovery procedures; and
• Segregation of duties for production changes.

4) Incident response

We maintain an incident response process to assess and respond to security events. Where we act as a processor, our breach notification obligations are described in the DPA.

5) Vendor and subprocessor management

We use vetted subprocessors for certain functions. See the Subprocessor List.

6) Vulnerability reporting

If you believe you have found a security vulnerability, please report it responsibly to hello@brwse.ai and include:

• A description of the issue;
• Steps to reproduce;
• Any supporting logs or screenshots; and
• Your contact information for follow-up.