Corporate Security

Internal Policies
BrightGauge believes that robust security begins with a strong internal security policies. In this spirit, we have developed policies that require full disk encryption for development hardware, strong credentials and 2FA for access to sensitive third party services, and regular access key and password rotation.

To ensure compliance, our SIPP team provides training (after onboarding and on an ongoing basis) and performs regular random audits. Beyond the internal security policies mentioned above, this includes: acceptable use policy, data use policy, privacy risk assessment, and incident response policy.

To review any of these these policies in more detail, please email support.

Background Checks
BrightGauge conducts background checks for all new hires, which includes identity verification and national criminal record lookups.

Disclosure Policy
Extensive security monitoring mechanisms have been deployed throughout BrightGauge. In the event a breach or other security incident is identified, we will follow our internal Information Security Incident Response Policy, and will communicate as quickly as possible to any affected customers via email, sharing periodic updates addressing impact and remediation.