Security at Bissy Apps

Your security is our top priority. Learn about the measures we take to protect your data and ensure the safety of your information.

1. SECURITY OVERVIEW

At Bissy Apps, we implement enterprise-grade security measures to protect your data. Our security program is built on industry best practices and continuously updated to address emerging threats.

Our Security Commitment

  • End-to-end encryption for data in transit and at rest
  • Regular security audits and vulnerability assessments
  • 24/7 monitoring and threat detection
  • Compliance with industry security standards
  • Transparent security practices and incident reporting

2. DATA PROTECTION

2.1 Encryption

  • Data in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
  • Data at Rest: All stored data is encrypted using AES-256 encryption
  • Password Protection: Passwords are hashed using bcrypt with salt
  • Secure Keys: Encryption keys are managed using industry-standard key management systems

2.2 Data Storage

  • Data stored in secure, SOC 2 compliant cloud infrastructure (Google Cloud Platform/Firebase)
  • Automated backups with encryption
  • Geographic redundancy for disaster recovery
  • Secure data deletion processes

2.3 Data Minimization

We collect only the data necessary to provide our services. Personal information is never shared with third parties for marketing purposes.

3. INFRASTRUCTURE SECURITY

Cloud Infrastructure

Our applications run on secure cloud platforms:

  • Firebase/Google Cloud Platform: SOC 2, ISO 27001, and HIPAA compliant infrastructure
  • Vercel: Secure edge network with automatic SSL/TLS certificates
  • DDoS Protection: Built-in protection against distributed denial-of-service attacks
  • Web Application Firewall: Protection against common web vulnerabilities

Network Security

  • Firewalls and network segmentation
  • Intrusion detection and prevention systems
  • Regular security patches and updates
  • Vulnerability scanning and penetration testing

4. ACCESS CONTROL

4.1 User Authentication

  • Firebase Authentication for secure user management
  • Strong password requirements (minimum 8 characters, complexity rules)
  • Session management with automatic timeout
  • Email verification for new accounts
  • Password reset with secure token-based verification

4.2 Administrative Access

Access to customer data is strictly controlled:

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Multi-factor authentication required for all admin accounts
  • All access is logged and monitored
  • Regular access reviews and audits

5. COMPLIANCE & STANDARDS

🇪🇺 GDPR Compliance

  • Data protection by design and by default
  • Right to access, rectify, and delete data
  • Data portability support
  • Breach notification procedures

🇺🇸 CCPA Compliance

  • Transparent data collection practices
  • Right to know and delete personal data
  • No sale of personal information
  • Non-discrimination guarantee

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor:

  • We never store credit card information
  • PCI-compliant payment processing
  • Tokenization of payment data
  • Fraud detection and prevention

6. INCIDENT RESPONSE

Our Incident Response Process

  1. Detection: 24/7 monitoring systems detect potential security incidents
  2. Assessment: Security team evaluates the severity and scope of the incident
  3. Containment: Immediate action to prevent further damage
  4. Investigation: Root cause analysis and evidence collection
  5. Remediation: Fix vulnerabilities and restore normal operations
  6. Notification: Affected users notified within 72 hours if required by law
  7. Post-Incident Review: Lessons learned and security improvements

7. USER BEST PRACTICES

You play an important role in keeping your account secure. Follow these best practices:

Password Security

  • Use a strong, unique password (at least 8 characters with letters, numbers, and symbols)
  • Never share your password with anyone
  • Use a password manager to generate and store complex passwords
  • Change your password immediately if you suspect it has been compromised

Account Security

  • Log out when using shared or public computers
  • Keep your email account secure (it's used for password resets)
  • Review your account activity regularly
  • Be cautious of phishing emails claiming to be from Bissy Apps
  • Report suspicious activity immediately

8. REPORT A SECURITY ISSUE

Responsible Disclosure

If you discover a security vulnerability in our services, please report it to us responsibly. We appreciate security researchers who help keep our users safe.

How to Report:

  • Email: security@bissyapps.com
  • Include detailed steps to reproduce the issue
  • Do not publicly disclose the vulnerability until we've addressed it

Response Time: We will acknowledge your report within 48 hours and provide regular updates on our progress.

Security Contact Information

For general security questions or concerns:

Bissy Apps, LLC
Security Team
Email: security@bissyapps.com
Privacy: privacy@bissyapps.com
Website: bissyapps.com

Security is an ongoing commitment. We continuously improve our security measures to protect your data.