Security
We protect your customers' data with enterprise-grade controls.
Last updated: May 12, 2026
1. Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Encryption keys are managed by AWS KMS with annual rotation.
2. Infrastructure
We run on AWS in ap-southeast-1 (Singapore) and eu-central-1 (Frankfurt). Multi-AZ deployments. Daily encrypted backups with 30-day retention.
3. Access control
Production access requires SSO + hardware MFA. All access is logged, reviewed monthly, and revoked on role change. Least-privilege IAM throughout.
4. Network security
WAF, DDoS protection (Cloudflare + AWS Shield), and per-route rate limiting. All non-public services live in private subnets.
5. Application security
Static analysis on every commit, daily dependency scanning, and annual third-party penetration testing. Bug bounty program planned for 2027.
6. Compliance
GDPR-compliant. PDPA-compliant. SOC 2 Type II roadmap targeting 2027. DPAs available on request.
7. Incident response
24/7 on-call rotation. Status page at status.bx-livechat.com. Public post-mortems for any user-visible incident.
8. Report a vulnerability
Email [email protected]. We respond within 24 hours and credit researchers.