Security Policy

Last updated: 12/7/2025

1. Introduction

At BuildForce AI, security is our top priority. This Security Policy outlines our commitment to protecting your data and ensuring the security of our platform.

2. Infrastructure Security

2.1 Data Centers

  • All data is hosted in SOC 2 Type II certified data centers
  • 24/7 physical security and surveillance
  • Redundant power and cooling systems
  • Regular security audits and compliance checks

2.2 Network Security

  • Enterprise-grade firewalls and intrusion detection
  • Regular vulnerability scanning and penetration testing
  • DDoS protection and mitigation
  • Real-time threat monitoring and response

3. Data Security

3.1 Encryption

  • All data in transit is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Secure key management and rotation
  • End-to-end encryption for sensitive operations

3.2 Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Regular access reviews and audits
  • Principle of least privilege

4. Application Security

4.1 Development Practices

  • Secure software development lifecycle (SDLC)
  • Regular security training for developers
  • Automated security testing in CI/CD pipeline
  • Third-party dependency scanning

4.2 API Security

  • API authentication and authorization
  • Rate limiting and throttling
  • Input validation and sanitization
  • Regular security assessments

5. Compliance and Certifications

  • SOC 2 Type II certified
  • GDPR compliant
  • HIPAA compliant
  • ISO 27001 certified
  • Regular third-party security audits

6. Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response team
  • Regular incident response drills
  • Customer notification procedures

7. Business Continuity

Our business continuity and disaster recovery plans ensure:

  • 99.9% uptime SLA
  • Regular backups and data replication
  • Multiple data center redundancy
  • Automated failover procedures

8. Third-Party Security

We maintain strict security requirements for third-party integrations:

  • Regular security assessments
  • Contractual security obligations
  • Access restrictions and monitoring
  • Regular compliance verification

9. Employee Security

  • Background checks for all employees
  • Regular security awareness training
  • Acceptable use policies
  • Device security requirements

10. Reporting Security Issues

If you discover a security vulnerability, please report it to:

  • Email: security@buildforce.ai
  • Bug Bounty Program: [Link to program]

11. Updates and Changes

We regularly review and update our security measures. Changes to this Security Policy will be posted on this page with an updated date.

12. Contact Information

For security-related inquiries, please contact our security team:

  • Email: security@buildforce.ai
  • Phone: [Security Emergency Contact]