We use SSL/TLS encryption on all our websites and microservices satisfying the highest security and data protection standards. We regularly verify our security certificates and encryption algorithms to keep your data safe.
The data you send through Build is encrypted in transit. Credential user names are encrypted and passwords are hashed.
We do not access or use your content for any purpose without your consent. We never use your content or derive information from it for marketing or advertising.
We do not disclose customer information unless we're required to do so to comply with a legally valid and binding order. Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of our products or services, we notify customers before disclosing content information.
Our physical infrastructure is hosted on Amazon Web Services' (AWS) data centers. The following is a partial list of assurance programs AWS complies with:
* SOC 1/ISAE 3402, SOC 2, SOC 3
* FISMA, DIACAP, and FedRAMP
* PCI DSS Level 1
* ISO 9001, ISO 27001, ISO 27017, ISO 27018
AWS Security Groups (virtual firewalls) are utilized to restrict access to our network from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business requirement. Each system is assigned a security group based on its function.
Backend access to the OS level and AWS console is limited to Build io, Inc staff and requires key authentication and multi factor authentication.
We follow the principle of least privilege both internally by restricting our staff's access to the minimum permissions needed to perform their work, as well as externally by asking the user for the minimum permissions required by our service when accessing 3rd party systems on the user's behalf.
If you find a bug or security issue on our website, please let us know about it by sending an immediate e-mail to firstname.lastname@example.org.