Security
Security is the product, not a feature.
Brutus handles sensitive workforce data, so we built it isolation-first: every organization's data is separated at the database layer, encrypted in transit and at rest, and accessible only under least-privilege, role-based access. Here's exactly how your data is protected.
Tenant-isolated · Encrypted · SOC 2 Type II infrastructure · US-hosted
How your data is protected
Controls at every layer.
Database-level tenant isolation
Every organization's data is separated at the database layer using PostgreSQL Row-Level Security, enabled and forced on every table ("forced" means the policies apply to the table owner as well as to ordinary roles, so no connection gets an implicit bypass). Authorization is enforced by the database itself, not just the application — so one customer's data is structurally unreachable from another's even when an application query is wrong. This is verified by an automated isolation test suite.
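The shape of the control described above, as an added example written for this page rather than Brutus's own schema. The table `assessments`, its `org_id` column, the application role `app_user`, and the per-request session setting `app.org_id` are all assumed names; the final query is the kind of check an isolation test suite would run.

```sql
-- Added example (not Brutus's own schema). Assumed names: table "assessments"
-- with an "org_id" column, an application role "app_user", and a session
-- setting "app.org_id" that the application binds after authenticating.

CREATE ROLE app_user NOLOGIN;   -- the role the application connects as

CREATE TABLE assessments (
    id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    org_id  uuid NOT NULL,
    subject text NOT NULL,
    score   integer
);

-- ENABLE turns RLS on for ordinary roles; FORCE applies the policies to the
-- table owner too, so a migration or service connection that owns the table
-- gets no implicit bypass. Only superusers and roles with BYPASSRLS skip RLS.
ALTER TABLE assessments ENABLE ROW LEVEL SECURITY;
ALTER TABLE assessments FORCE ROW LEVEL SECURITY;

-- One policy for reads and writes: a row is visible or writable only when its
-- org_id matches the tenant bound to this session. current_setting(..., true)
-- returns NULL rather than an error when the setting is absent, and NULL::uuid
-- never compares equal, so an unbound or misconfigured session sees nothing.
CREATE POLICY tenant_isolation ON assessments
    FOR ALL
    TO app_user
    USING      (org_id = current_setting('app.org_id', true)::uuid)
    WITH CHECK (org_id = current_setting('app.org_id', true)::uuid);

-- Table privileges are still required; RLS filters rows, it does not grant.
GRANT SELECT, INSERT, UPDATE, DELETE ON assessments TO app_user;

-- Per-request binding. SET LOCAL scopes both the role and the tenant to this
-- transaction, so a pooled connection cannot carry one tenant into the next request.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.org_id = 'a0000000-0000-0000-0000-000000000001';
SELECT id, subject, score FROM assessments;            -- only this tenant's rows
INSERT INTO assessments (org_id, subject)
    VALUES ('b0000000-0000-0000-0000-000000000002', 'smuggled');  -- rejected by WITH CHECK
ROLLBACK;

-- Isolation test: any ordinary or partitioned table in the application schema
-- without RLS both enabled and forced is a finding. Expected result: no rows.
SELECT n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Companion check: an RLS-enabled table with no policy at all is simply
-- unreadable, which breaks the product rather than protecting it. Expected: no rows.
SELECT c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND c.relrowsecurity
  AND NOT EXISTS (SELECT 1 FROM pg_policies p
                  WHERE p.schemaname = n.nspname AND p.tablename = c.relname);
```

Two details matter in practice: the application must connect as a role that is neither a superuser nor marked BYPASSRLS, or the policies are silently skipped; and the tenant binding must be set from the verified session on the server, never from a client-supplied value, because the database trusts whatever `app.org_id` it is handed.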
Encryption everywhere
All traffic is encrypted in transit with TLS 1.2+ (HSTS with preload). Data is encrypted at rest with AES-256. Secrets are stored encrypted and never exposed to the browser.
Access control & SSO
Role-based access control (admin / manager / employee) with least-privilege by default — employees never see others' data. Enterprise Single Sign-On via SAML 2.0 with just-in-time provisioning, plus password, Google, and magic-link sign-in.
Audit logging
Sensitive actions — role changes, deletions, configuration changes — are recorded with the actor, the target, and a timestamp, so administrators have a clear trail of who did what.
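One way to capture the actor, target, and timestamp the paragraph lists, as an added example that is not Brutus's own schema. The tables `memberships` and `audit_log`, the role `app_user`, and the session setting `app.actor_id` (bound by the application from the verified session) are assumed names.

```sql
-- Added example (not Brutus's own schema): a database-side, append-only audit
-- trail for role changes and deletions. Assumed names: tables "memberships" and
-- "audit_log", role "app_user", and a session setting "app.actor_id" that the
-- application sets to the authenticated user's id for each request.

CREATE ROLE app_user NOLOGIN;   -- created here so the example stands alone

CREATE TABLE memberships (
    org_id  uuid NOT NULL,
    user_id uuid NOT NULL,
    role    text NOT NULL CHECK (role IN ('admin', 'manager', 'employee')),
    PRIMARY KEY (org_id, user_id)
);

CREATE TABLE audit_log (
    id          bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),  -- server clock, not client-supplied
    actor_id    uuid,                                -- NULL when no actor was bound
    org_id      uuid NOT NULL,
    action      text NOT NULL,                       -- 'membership.role_changed', 'membership.deleted'
    target_id   uuid NOT NULL,                       -- the user whose membership changed
    old_value   text,
    new_value   text
);

-- Runs inside the same transaction as the change, so a role change can never
-- commit without its audit row. The actor comes from the session binding;
-- the trigger trusts that the application set it from a verified session.
CREATE OR REPLACE FUNCTION log_membership_change() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE
    actor uuid := current_setting('app.actor_id', true)::uuid;
BEGIN
    IF TG_OP = 'UPDATE' AND NEW.role IS DISTINCT FROM OLD.role THEN
        INSERT INTO audit_log (actor_id, org_id, action, target_id, old_value, new_value)
        VALUES (actor, NEW.org_id, 'membership.role_changed', NEW.user_id, OLD.role, NEW.role);
    ELSIF TG_OP = 'DELETE' THEN
        INSERT INTO audit_log (actor_id, org_id, action, target_id, old_value, new_value)
        VALUES (actor, OLD.org_id, 'membership.deleted', OLD.user_id, OLD.role, NULL);
    END IF;
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END $$;

CREATE TRIGGER memberships_audit
AFTER UPDATE OR DELETE ON memberships
FOR EACH ROW EXECUTE FUNCTION log_membership_change();

-- The application may append to and read the log, but has no UPDATE or DELETE
-- on it, so the trail cannot be rewritten through the application's credentials.
GRANT SELECT, INSERT, UPDATE, DELETE ON memberships TO app_user;
GRANT SELECT, INSERT ON audit_log TO app_user;

-- As the application would run it within one request:
BEGIN;
SET LOCAL app.actor_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO memberships VALUES
    ('a0000000-0000-0000-0000-000000000001', '22222222-2222-2222-2222-222222222222', 'employee');
UPDATE memberships SET role = 'manager'
 WHERE org_id = 'a0000000-0000-0000-0000-000000000001'
   AND user_id = '22222222-2222-2222-2222-222222222222';
COMMIT;

-- One row: actor 1111..., action 'membership.role_changed', target 2222...,
-- old_value 'employee', new_value 'manager', with the server-side timestamp.
SELECT occurred_at, actor_id, action, target_id, old_value, new_value FROM audit_log;
```

Keeping the log in the database rather than only in application code means a change made through any path (a migration, an admin console, a direct connection) still leaves a record, and the missing-grant design means the application cannot alter history even if it is compromised; it also means the `app.actor_id` binding is the one place the trail's attribution can be faked, so it must be set server-side from the verified session only.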
Data lifecycle & deletion
You own your data. When an organization is offboarded, all of its records and accounts are permanently deleted. We process only what's needed to deliver the service.
Hardened infrastructure
Hosted on SOC 2 Type II–certified infrastructure (Vercel and Supabase) in the United States (AWS us-east-1). A Content-Security-Policy, HSTS with preload, Cross-Origin-Opener-Policy, a locked-down Permissions-Policy, and a full set of security response headers guard the application edge, alongside server-side input validation and authentication rate limiting.
Continuous security testing
Automated dependency scanning (Dependabot) and static application security testing (CodeQL) run on every change, alongside a continuous-integration gate that type-checks, runs the full test suite, and audits dependencies for known vulnerabilities before any code is merged. Production errors are monitored with personal data scrubbed from telemetry, and we operate a coordinated vulnerability-disclosure program for security researchers.
Sub-processors
Who we rely on.
We use a small set of trusted, audited providers. Assessment conversations are conducted and scored using large-language-model APIs from Anthropic and OpenAI — that content is not used to train AI models.
| Provider | Purpose | Notes |
|---|---|---|
| Vercel | Application hosting & edge | SOC 2 Type II |
| Supabase (AWS, US) | Managed database & authentication | SOC 2 Type II |
| Anthropic (Claude) | Interview scoring & cohort analysis | API tier — not used to train models |
| OpenAI | Independent scoring cross-check & analysis | API tier — not used to train models |
| Resend | Transactional email | Invitations & notifications |
| Cloudflare | DNS, edge security & DDoS protection | Network / CDN |
| Sentry | Error monitoring | Personal data scrubbed from telemetry |
| Inngest | Background job processing | Signed event delivery |
Compliance
Where we stand
- SOC 2 Type II infrastructure. Brutus runs entirely on SOC 2 Type II–certified providers (Vercel, Supabase).
- SOC 2 Type II — in preparation. We are actively hardening our controls toward a SOC 2 Type II audit and independent penetration testing.
- Data Processing Agreement. A DPA and a detailed security overview are available to customers and prospects on request.
- Vulnerability disclosure. We welcome reports from security researchers — see our security.txt.
Doing a security review?
We're happy to walk through architecture, complete your security questionnaire, or share our DPA and security overview. Reach our security team directly.
security@brutusdiagnosticsolutions.com