Security

Security is the product, not a feature.

Brutus handles sensitive workforce data, so we built it isolation-first: every organization's data is separated at the database layer, encrypted in transit and at rest, and accessible only under least-privilege, role-based access. Here's exactly how your data is protected.

Tenant-isolated · Encrypted · SOC 2 Type II infrastructure · US-hosted

How your data is protected

Controls at every layer.

Database-level tenant isolation

Every organization's data is separated at the database layer using PostgreSQL Row-Level Security (enabled and forced on every table). Authorization is enforced by the database itself, not just the application — so one customer's data is structurally unreachable from another's. This is verified by an automated isolation test suite.
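The isolation described above, as an added example that is not Brutus's own schema: a PostgreSQL table with Row-Level Security both enabled and forced, a policy keyed to a per-transaction tenant setting, and an isolation check of the kind an automated suite would run. The table, function, role and setting names (employees, current_org(), app_user, app.current_org) and the two org ids are assumptions constructed for the example; run it as a superuser on PostgreSQL 13 or later (gen_random_uuid() is built in from that version).

```sql
-- Added example, not Brutus's own schema: the RLS pattern the page describes
-- (ENABLE + FORCE on the table, policy keyed to the tenant). Names and the two
-- org ids below are constructed sample values.

CREATE TABLE employees (
    id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    org_id    uuid NOT NULL,
    full_name text NOT NULL
);

-- ENABLE turns the policy check on; FORCE makes it apply to the table owner too.
-- Without FORCE, a connection authenticated as the owning role skips RLS entirely.
ALTER TABLE employees ENABLE ROW LEVEL SECURITY;
ALTER TABLE employees FORCE ROW LEVEL SECURITY;

-- The tenant is carried in a session setting the application sets per transaction.
-- NULLIF guards the '' that current_setting() returns once a SET LOCAL has expired;
-- a NULL tenant makes the comparison NULL, so an unscoped connection sees no rows
-- rather than all of them.
CREATE FUNCTION current_org() RETURNS uuid
    LANGUAGE sql STABLE AS
    $$ SELECT NULLIF(current_setting('app.current_org', true), '')::uuid $$;

-- USING filters SELECT/UPDATE/DELETE; WITH CHECK rejects an INSERT or UPDATE that
-- would produce a row belonging to another tenant.
CREATE POLICY employees_tenant_isolation ON employees
    USING (org_id = current_org())
    WITH CHECK (org_id = current_org());

-- The application connects as a role that owns nothing and has no BYPASSRLS.
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO app_user;

-- Seed one row per tenant, each write scoped to its own tenant.
BEGIN;
SET LOCAL app.current_org = '11111111-1111-4111-8111-111111111111';
INSERT INTO employees (org_id, full_name)
    VALUES ('11111111-1111-4111-8111-111111111111', 'Tenant A employee');
COMMIT;
BEGIN;
SET LOCAL app.current_org = '22222222-2222-4222-8222-222222222222';
INSERT INTO employees (org_id, full_name)
    VALUES ('22222222-2222-4222-8222-222222222222', 'Tenant B employee');
COMMIT;

-- Isolation test of the kind an automated suite runs: as the application role,
-- scoped to tenant A, the table must show only tenant A's row, and a write that
-- tags a row with tenant B's id must be rejected by the WITH CHECK clause
-- (SQLSTATE 42501, insufficient_privilege).
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_org = '11111111-1111-4111-8111-111111111111';
DO $$
DECLARE visible int;
BEGIN
    SELECT count(*) INTO visible FROM employees;
    IF visible <> 1 THEN
        RAISE EXCEPTION 'isolation failed: tenant A sees % rows', visible;
    END IF;
    BEGIN
        INSERT INTO employees (org_id, full_name)
            VALUES ('22222222-2222-4222-8222-222222222222', 'cross-tenant write');
        RAISE EXCEPTION 'isolation failed: cross-tenant insert was accepted';
    EXCEPTION WHEN insufficient_privilege THEN
        NULL;  -- expected: the policy rejected the row
    END;
END $$;
ROLLBACK;
```

Two points worth checking in any deployment that relies on this pattern: superusers bypass RLS regardless of FORCE, so the test must run as the application role rather than the migration user, and a policy that evaluates to NULL for an unscoped connection (as current_org() does here) fails closed, whereas a policy written as `org_id = current_setting(...)::uuid` without the NULLIF guard raises a cast error once a SET LOCAL has expired, which is noisier but still denies access.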

Encryption everywhere

All traffic is encrypted in transit with TLS 1.2+ (HSTS with preload). Data is encrypted at rest with AES-256. Secrets are stored encrypted and never exposed to the browser.

Access control & SSO

Role-based access control (admin / manager / employee) with least-privilege by default — employees never see others' data. Enterprise Single Sign-On via SAML 2.0 with just-in-time provisioning, plus password, Google, and magic-link sign-in.

Audit logging

Sensitive actions — role changes, deletions, configuration changes — are recorded with the actor, the target, and a timestamp, so administrators have a clear trail of who did what.
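One way to produce the trail described above, as an added example that is not Brutus's own implementation: a trigger that writes actor, action, target, old value, new value and timestamp for every role change, with the actor taken from a per-transaction session setting and the log table granted to the application role as read-only. The table names (memberships, audit_log), the setting app.actor and the sample ids are assumptions constructed for the example; it runs on PostgreSQL 11 or later.

```sql
-- Added example, not Brutus's own code: trigger-based audit logging of role
-- changes. Table and setting names are assumptions; ids are constructed samples.

CREATE TABLE memberships (
    user_id uuid NOT NULL,
    org_id  uuid NOT NULL,
    role    text NOT NULL CHECK (role IN ('admin', 'manager', 'employee')),
    PRIMARY KEY (user_id, org_id)
);

CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    actor       text NOT NULL,   -- who performed the action
    action      text NOT NULL,   -- INSERT / UPDATE / DELETE
    target      text NOT NULL,   -- user@org whose role was touched
    old_value   text,
    new_value   text
);

-- SECURITY DEFINER lets the trigger insert into audit_log even though the
-- application role is never granted INSERT on it, so the log is append-only
-- from the application's point of view.
CREATE FUNCTION audit_membership_change() RETURNS trigger
    LANGUAGE plpgsql SECURITY DEFINER AS $$
DECLARE
    r memberships%ROWTYPE;
BEGIN
    IF TG_OP = 'DELETE' THEN r := OLD; ELSE r := NEW; END IF;
    -- A missing actor setting makes the NOT NULL constraint fail the whole
    -- statement: an unattributed sensitive action is rejected, not logged
    -- as "unknown".
    INSERT INTO audit_log (actor, action, target, old_value, new_value)
    VALUES (
        NULLIF(current_setting('app.actor', true), ''),
        TG_OP,
        r.user_id::text || '@' || r.org_id::text,
        CASE WHEN TG_OP IN ('UPDATE', 'DELETE') THEN OLD.role END,
        CASE WHEN TG_OP IN ('INSERT', 'UPDATE') THEN NEW.role END
    );
    RETURN r;
END $$;

-- Fires only for role changes, not for every update of the row.
CREATE TRIGGER memberships_audit
    AFTER INSERT OR UPDATE OF role OR DELETE ON memberships
    FOR EACH ROW EXECUTE FUNCTION audit_membership_change();

-- The application role (assumed to exist) may read the trail but never
-- modify it; no UPDATE or DELETE grant is ever issued on audit_log.
-- GRANT SELECT ON audit_log TO app_user;

-- Exercise the trail: grant, promote, then remove one membership.
BEGIN;
SET LOCAL app.actor = 'admin:alice@example.com';  -- constructed sample actor
INSERT INTO memberships VALUES
    ('11111111-1111-4111-8111-111111111111',
     '22222222-2222-4222-8222-222222222222', 'employee');
UPDATE memberships SET role = 'manager'
    WHERE user_id = '11111111-1111-4111-8111-111111111111';
DELETE FROM memberships
    WHERE user_id = '11111111-1111-4111-8111-111111111111';
COMMIT;

SELECT occurred_at, actor, action, target, old_value, new_value
FROM audit_log ORDER BY id;
```

After the transaction the query returns three rows for the same target, all attributed to the actor set in the transaction: the INSERT with new_value employee, the UPDATE with old_value employee and new_value manager, and the DELETE with old_value manager. Running the same statements without SET LOCAL app.actor fails on the NOT NULL constraint, which is the behaviour you want from an audit trail: the action cannot happen without being attributed.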

Data lifecycle & deletion

You own your data. When an organization is offboarded, all of its records and accounts are permanently deleted. We process only what's needed to deliver the service.

Hardened infrastructure

Hosted on SOC 2 Type II–certified infrastructure (Vercel and Supabase) in the United States (AWS us-east-1). A Content-Security-Policy, HSTS with preload, Cross-Origin-Opener-Policy, a locked-down Permissions-Policy, and a full set of security response headers guard the application edge, alongside server-side input validation and authentication rate limiting.

Continuous security testing

Automated dependency scanning (Dependabot) and static application security testing (CodeQL) run on every change, alongside a continuous-integration gate that type-checks, runs the full test suite, and audits dependencies for known vulnerabilities before any code is merged. Production errors are monitored with personal data scrubbed from telemetry, and we operate a coordinated vulnerability-disclosure program for security researchers.

Sub-processors

Who we rely on.

We use a small set of trusted, audited providers. Assessment conversations are conducted and scored using large-language-model APIs from Anthropic and OpenAI — that content is not used to train AI models.

Provider             Purpose                                     Notes
Vercel               Application hosting & edge                  SOC 2 Type II
Supabase (AWS, US)   Managed database & authentication           SOC 2 Type II
Anthropic (Claude)   Interview scoring & cohort analysis         API tier — not used to train models
OpenAI               Independent scoring cross-check & analysis  API tier — not used to train models
Resend               Transactional email                         Invitations & notifications
Cloudflare           DNS, edge security & DDoS protection        Network / CDN
Sentry               Error monitoring                            Personal data scrubbed from telemetry
Inngest              Background job processing                   Signed event delivery

Compliance

Where we stand

  • SOC 2 Type II infrastructure. Brutus runs entirely on SOC 2 Type II–certified providers (Vercel, Supabase).
  • SOC 2 Type II — in preparation. We are actively hardening our controls toward a SOC 2 Type II audit and independent penetration testing.
  • Data Processing Agreement. A DPA and a detailed security overview are available to customers and prospects on request.
  • Vulnerability disclosure. We welcome reports from security researchers — see our security.txt.

Doing a security review?

We're happy to walk through architecture, complete your security questionnaire, or share our DPA and security overview. Reach our security team directly.

security@brutusdiagnosticsolutions.com