SECURITY

BEEGOL’s team adheres to stringent security and privacy policies, ensuring full compliance with the company’s control and monitoring processes in order to uphold security standards in line with international markets. Furthermore, we collaborate with third-party auditors to furnish evidence of our commitment to security and compliance.

 

Our policies are based on a strong foundation for creating effective data privacy and security:

Data Minimization and transparency

We collect and retain only the data that is strictly necessary for our business operations. It minimizes the potential impact of a data breach and reduces the risk of unauthorized access to sensitive information.We also provide transparency about how we collect, use, and share data. 

Data Security

We implement robust security measures to protect data from unauthorized access, breaches, and cyber threats. This includes encryption, access controls, regular security audits, and employee training on data security best practices.

Vulnerability management

We implement a proactive vulnerability management program. We regularly assess our products and systems for security vulnerabilities, and have processes in place for promptly addressing and fixing any identified vulnerabilities. This helps ensure that our products remain secure and resilient against emerging threats.

Compliance with Regulations

We stay informed and compliant with relevant data protection regulations, such as the General Data Protection Regulation (GDPR), SOC2 regulations, or other industry-specific regulations. Compliance ensures that we meet legal requirements and build trust with our customers and partners.

DATA PROTECTION

DATA AT REST

Databases with sensitive information are encrypted according to security standards and over AWS environment also compliant with high security processes and rules and provides tools to reinforce it. 

DATA IN TRANSIT

Beegol uses secure HTTPS protocol for data in transit and created several security measures to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.

Secret management

Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.

PRODUCT SECURITY

Penetration testingBeegol engages with local and international penetration testing companies as a commitment with product security that we offer for our customers. Tempest Security Intelligence is the largest cybersecurity company in Brazil, with over 23 years of experience in the field and Artifice Security consultants have decades of experience in IT and security with hundreds of penetration tests under each of their belts – all while being trusted leaders in their field. Artifice is an US company with  experience across various industries worldwide.

Artifice Vulnerability scanning

Beegol requires vulnerability scanning at key stages of our development cycle and keeps testing until code deployment to identify vulnerabilities and possible breaches assuring security and availability of our software. Also we execute network vulnerability scanning on a period basis.

DATA PROTECTION

Endpoint Protection

All corporate devices are managed and equipped with anti-malware protection. Linux devices have their security reinforced through regular updates to align with our security policy. Additionally, several security protocols ensure the proper sanitization of device data after employee off-boarding.

Security Education

As part of the onboarding process, employees receive security training, and our development teams are closely guided by our tech leaders to incorporate security measures into their daily activities.

Access Management

Multi-Factor Authentication (MFA) is mandatory for accessing external systems within Beegol, and our Cloud environments are overseen by restricted user groups in accordance with hierarchical rules and authorizations granted by the IT team leader.

DATA PRIVACY

Our Privacy Policy is adherent to LGPD requirements from Brazilian’s law and are compliant with GDPR  Responsibilities as data processor group providing transparency of retention, processing and access.