Trust Center

middleBrick is built for enterprise security teams. This page documents our security posture, compliance alignment, and operational transparency.

Compliance Alignment

  • SOC 2 Ready — all controls implemented and auditor-defensible
  • GDPR aligned — data export (Art. 20), right to erasure (Art. 17), DPA available
  • CCPA/CPRA aligned — right to know, right to delete
  • HIPAA aligned — via compliance mapping engine (not a covered entity)
  • PCI-DSS 4.0 — 18 requirements mapped
  • OWASP API Top 10 2023 — full coverage

Infrastructure

  • Runs on Cloudflare's global edge network
  • Data encrypted at rest (AES-256-GCM) and in transit (TLS 1.3)
  • No customer data leaves the Cloudflare ecosystem
  • Zero egress architecture — data stays at the edge
  • Multi-tenant logical isolation (org-scoped queries)

Authentication & Access

  • SAML 2.0 SSO (Okta, Azure AD, Google Workspace)
  • MFA enforcement (TOTP + recovery codes)
  • Role-based access control (Owner / Admin / Member / Viewer)
  • API key authentication with instant revocation
  • Audit log of all user actions (365-day retention, Enterprise)

Operational Security

  • HMAC-SHA256 watermarked audit trail
  • Signed webhooks for SIEM integration
  • Automated SLA credit calculation
  • We scan our own services with our own engine

Last updated: May 2026