Security is your priority.
It’s ours too.
Bonfyre’s engineering team follows best practices and industry-leading security protocols to ensure data, network, system and application security. Here are just some of the security measures we employ.
All data sent to or from Bonfyre is encrypted in transit with TLS 1.2 and 256-bit keys. To protect passwords, Bonfyre uses industry-standard, well-reviewed cryptographic protocols using random salt and a high work factor. At rest, the database volume is encrypted by AWS using AES-256, while PII and user messages are further encrypted with AES-128.
Development and operations
Bonfyre utilizes a formal Software Development Lifecycle for secure change management. All code is peer reviewed for security, and we utilize frameworks that prevent OWASP Top 10 or NIST common vulnerabilities (such as SQL injection, XSS, CSRF, and others).
File and system configurations are enforced through configuration management software. Security patches are applied through automation, while rate limiting and intrusion detection software can alert us to any suspicious activity.
A culture of security
Bonfyre employees maintain strict security standards and receive ongoing security training on phishing, social engineering, password management, and device management. Two-factor authentication (2FA) and Single Sign-On (SSO) are enforced where available and employees are required to use a password manager. Employee hard drives are securely encrypted on all company laptops used at Bonfyre. We additionally run automated and recurring security audits on our configuration and controls. Following the principle of least privilege, employees are granted the minimum level of access required for each job function.
Data storage and network infrastructure
Bonfyre data is stored on Amazon Web Services (AWS) and only in AWS data centers located in the United States. AWS services are PCI, HIPAA, SOC 2, and ISO 27001 compliant. We run nightly backups and also support point-in-time data recovery to minimize our recovery point objectives. Utilizing multiple data centers and running disaster recovery simulations on a regular basis helps ensure Bonfyre is a highly available platform.
Third-party security audits
Bonfyre annually undergoes rigorous, third-party network and application penetration testing to check our platform for security vulnerabilities of any kind. Bonfyre also hosts a bug bounty program to reward security researchers for properly disclosing any discovered vulnerabilities.
Chats and photos are only visible to the users authorized to access the Bonfyre community where they were posted. You can trust your sharing is private without having to manage confusing security or permission settings.
Bonfyre supports SAML 2.0 Single Sign-On (SSO) for enterprise customers. With Single Sign-On, users have Bonfyre application access through the customer’s designated Identity Provider (IdP). The IdP will enforce the customer’s security requirements seamlessly for Bonfyre authentication.
Have a security question?
We’re here to help.