Security & Trust

Your clients' data — and yours — protected by design.

BrioSync runs multiple companies' data — all 12 suites, finance and procurement to delivery, service desk, CRM and HR — on one platform, so isolation and access control aren't features we bolted on later. They're how the product was built from day one, on top of Google Cloud's certified infrastructure.

How we protect your data

Eight things we get right.

Tenant isolation

Every record is tagged with your company ID, and database-level security rules enforce it on every read and write. Other companies on the platform literally cannot reach your data.

Encryption in transit & at rest

All traffic runs over TLS/HTTPS, and your data is encrypted at rest on Google Cloud by default. Nothing moves or sits in the clear.

Role-based access control

Granular roles decide what each person can see and do. An Access Management screen, plus route- and data-level gating, means people only ever touch what their role allows.

Secure sign-in & SSO

Sign in with email (password set via a secure emailed link), Google, or Microsoft SSO. Work-email-only signup keeps consumer accounts out of your workspace.

Audit & login monitoring

Sign-in activity — time, IP address and approximate location — is captured and visible to admins, so you can spot access that doesn't look right.

You own your data

Your data belongs to you. Export it whenever you want. We don't sell it, and we don't share it with third parties for advertising.

Data lifecycle & deletion

Delete your workspace whenever you choose. Deletion runs through a soft-delete grace window — recoverable for a short period — before data is permanently purged.

Privacy & GDPR-aware

A consent banner (Google Consent Mode v2) holds analytics cookies until you opt in, and we collect only what we need to run the product. You stay in control of tracking.

Infrastructure

Built on Google Cloud.

BrioSync is built on Google Cloud and Firebase — the same infrastructure that runs some of the world's largest apps. That means your data sits in data centers with independent, audited security certifications.

The Google Cloud infrastructure we run on is independently certified & audited:
ISO/IEC 27001 SOC 1 SOC 2 SOC 3 ISO 27017 / 27018 GDPR data-processing terms

Straight talk: these certifications cover the Google Cloud platform BrioSync is built on. BrioSync is a growing product and is not yet separately certified in its own name — we inherit the platform's controls today and will pursue our own certifications as we scale. If you need our subprocessor list or a security questionnaire completed, just ask.

Your data, your control

No lock-in. No surprises.

📤 Export anytime

Your tickets, projects, time logs and client records are yours to take with you. Request an export whenever you need one.

🗑️ Delete on demand

Close your account and your workspace data is removed on a clear schedule — soft-deleted first, then permanently purged.

🔒 Private by default

We never sell your data or hand it to advertisers. It exists to run your business inside BrioSync — nothing else.

Found a security issue?

We welcome reports from good-faith security researchers. If you've found a vulnerability, email security@briosync.com with the details and we'll get back to you quickly.

Please give us reasonable time to investigate and fix before any public disclosure. We won't pursue legal action against researchers acting in good faith.

Security questions before you commit?

Happy to walk your team through our setup, share our subprocessor list, or complete a security questionnaire.