Applies to

  • Brandfolder


Who can use this capability

All users are protected with the same level of security by Brandfolder.

Brandfolder security

Brandfolder implements multiple levels of security to protect and back up your files.


  • Brandfolder


All users are protected with the same level of security by Brandfolder.

At Brandfolder, the security of your brand assets is our highest priority. Our engineering team uses the best tools and practices to build and maintain Brandfolder. We implement multiple levels of security to protect and back up your files.

SOC 2 Type 2 compliant

Brandfolder has completed its SOC 2 Type 2 audit for its security and confidentiality controls. Brandfolder has established processes and practices against these controls that an independent third party has validated.

  • Independent third-party examination
  • Gold standard security compliance for SaaS
  • Strict security and confidentiality procedures in place

ISO 27001

Brandfolder is compliant with ISO/IEC 27001. The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system. For more information on what conforming with ISO/IEC 27001 means, visit.

Identity management

Brandfolder enables the right individuals to access resources at the right time. It provides a seamless and secure way for your organization to manage digital assets. Other users can only see your brand assets in your Brandfolder if you deliberately give them access or make Brandfolder Public.

  • SAML 2.0 SSO
  • User management & permissions
  • Privacy and Stealth Mode settings

Storage and delivery

The underlying storage architecture behind Brandfolder is powered by
cloud service provider, Google Cloud Storage (GCS).

Brandfolder redundantly stores all data on multiple devices across three Availability Zones. All PUT and COPY operations for objects are synchronously stored across all Availability Zones before confirming the data has been successfully stored,  ensuring fault tolerance. Once stored, we regularly verify the integrity of stored data using checksums. If corruption is detected, we repair it using redundant data. By using GCS, Brandfolder effectively provides 99.999999999% durability and 99.99% availability of objects over a given year. We maintain Brandfolder's PostgreSQL database deployment through automatic updates using the latest patches. Automated backups of all transaction logs and the database enable point-in-time recovery for all Brandfolder’s customers.

Brandfolder’s database instance is set to run as a multi-region, Multi-Availability Zone
Brandfolder maintains snapshots and streaming logs for instantaneous recovery in a global compute disaster. deployment with a disaster recovery replica. This means it will automatically provision and manage a “standby” replica in a different Availability Zone (independent infrastructure in a physically separate location). In the event of planned database maintenance, database instance failure, or an Availability Zone failure, we will automatically failover to the up-to-date standby so that database operations can resume quickly without administrative intervention. Database updates are made concurrently on the primary and standby resources to prevent replication lag.

  • GCS Storage with a 99.99% uptime
  • Globally distributed Content Delivery Network (CDN)
  • Content ingestion network with lightning-fast upload speeds
  • Global storage locations in the US and Europe

Online protection

Assets are encrypted at rest using server-side AES 256 encryption algorithm. We salt and hash user passwords using ten rounds of Bcrypt. Data between a customer device and Brandfolder is secured with SHA-256 with RSA-signed certificates and encrypted using HTTPS/TLS to protect against eavesdropping, tampering, and message forgery. Brandfolder only accepts traffic from 2 whitelisted ports and has built-in intrusion detection instrumented with monitoring and alerts. This ensures the integrity of all transmitted information in and out of the Brandfolder technology stack. 

Risk assessment and controls

Brandfolder IT reviews and regularly updates IT vulnerabilities, controls, and risk impacts. The assessment evaluates security vulnerabilities affecting confidentiality, integrity, and availability. Appropriate security safeguards are recommended, permitting management to make knowledge-based decisions about security-related initiatives.

Durability & back-ups

By leveraging Google Cloud (GCP), Brandfolder offers online and physical security measures, 99.999999999% durability, and 99.99% availability of objects over a given year. Brandfolder ensures streaming replication backups so no changes or updates are lost during a disaster.

Physical security

Cloud storage providers provide state-of-the-art data center security, including around-the-clock staffing, video surveillance, and intrusion detection systems. All administrative interfaces are accessed through key-card and 2FA user authentication. Authorized access is granted on a need-to-know basis. In the Brandfolder office, all workstations are regularly updated and monitored for malware protection.

Security and ownership

Your data is yours and yours only. Brandfolder will protect your data from internal and external threats, making it the safest home for all your essential brand assets. We leverage built-in intrusion detection, advanced monitoring, and alert systems, encryption in transit, and more measures to ensure data security.

  • Regular security audits and pen testing
  • Business continuity and disaster recovery procedures
  • Internal and external data security
Was this article helpful?