13th March 2024
Security
A very large number of reputable companies trust LaunchBrightly to keep their company data safe and secure every day, and we take that responsibility very seriously. No matter the protocol applied, it is important for us to emphasize just how crucial it is for you to feel secure when working with us.
Server Security
The LaunchBrightly service, operating on Amazon Web Services (AWS) in a completely serverless design, inherently enhances security, in our view, by reducing the attack surface that traditional server-based environments expose. This architecture minimizes the risk of server misconfiguration and eliminates the need for manual patching, as AWS automatically manages, updates, and scales the infrastructure, ensuring that the underlying systems stay secure. Furthermore, with our fully automated deployments, human error is significantly reduced. Because we limit access to essential personnel only, the service maintains a high-security posture by adhering to the principle of least privilege, further safeguarding against unauthorized access and potential vulnerabilities.
Communications
All data exchanged with LaunchBrightly is sent over the HTTPS protocol.
Platform Access
Access to the LaunchBrightly platform is managed using the AWS Cognito service, and as such, we do NOT store passwords or any sign-in credentials. They are handed off immediately and directly from your browser to AWS, and we do not see them.
AWS Cognito provides unparalleled security for user data and authentication processes, leveraging AWS’s robust infrastructure. It adheres to the highest standards of compliance, including GDPR and HIPAA, ensuring data protection and privacy. With advanced encryption for data at rest and in transit, alongside multi-factor authentication and threat detection capabilities, Cognito ensures that user identities and credentials are safeguarded against unauthorized access and cyber threats.
Data Storage
LaunchBrightly data is stored on AWS (US Regions) in DynamoDB, and access is limited to machines that need read and write access to the tables. DynamoDB ensures top-tier security for stored data, leveraging AWS's comprehensive security measures. It offers fine-grained access control with AWS Identity and Access Management (IAM), allowing precise control over who can access your DynamoDB resources. Data in transit is protected using SSL encryption, while at rest, it employs encryption keys managed by the AWS Key Management Service (KMS), ensuring that your data is secure and accessible only to authorized users.
Employee Access
No LaunchBrightly employee will ever see intimate customer data unless required to do so for support reasons. If you reach out with a support issue that requires us to access intimate customer data, we will request and wait for your written permission before doing so. We have an audit trail of intimate customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing a system-level outage.
Integration Security
If 3rd party Storage and/or Help Centers, et al., are integrated using APIs, we immediately encrypt the tokens and store them using the AWS Key Management Service (KMS), which leverages hardened hardware security modules (HSMs) to protect and manage cryptographic keys. This ensures that they are accessible only by authorized users and services, in compliance with stringent industry standards and regulations. Due to this security design, integration tokens cannot be redisplayed. Furthermore, after the initial setup of the integration, we'll never bring the tokens back to the frontend App you use; they are made accessible only to our backend API.
Product Demo Account
To generate screenshots of authenticated web apps, one would typically apply one of two strategies: either from the "outside-in" (mimicking a traditional user sign-in process) or from the "inside-out", which typically requires code (libraries) to be installed and run along with your app build process. We chose the former as the better and more secure option, keeping us at arm's length. This is achieved using our customizable secure 'Login Profile' feature, which enables Technical Writers and Knowledge Managers to set up the screenshot platform without the need for engineering involvement.
Upon receiving demo account credentials, we immediately encrypt the username and password and store the encrypted keys using the AWS Key Management Service (KMS), which leverages hardened hardware security modules (HSMs) to protect and manage cryptographic keys, ensuring that they are accessible only by authorized users and services, in compliance with stringent industry standards and regulations. Due to this security design, demo account credentials cannot be redisplayed. Furthermore, after the initial login profile setup, we'll never bring the credentials back to the frontend App you use; they are made accessible only to our backend API.
Credit Card Safety
When you sign up for a paid account on LaunchBrightly, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or even see your credit card information.
For More Information
If you have any questions, please do not hesitate to reach out at infosec@launchbrightly.com; we are very eager to elaborate on any request.