We know that when you’re evaluating a SaaS product, it’s not just about features and benefits — it’s about confidence. Confidence that your data is handled responsibly, that security is taken seriously, and that the product meets the standards your organisation expects.

This page brings together everything you need to understand how BrightCarbon manages security, privacy, and compliance in the context of our BrandIn app.

What you’ll find here

You’ll find links to publicly available resources on the BrightCarbon website, including our:

• Data Processing Agreement
• Privacy Policy
• List of Sub-processors

These are designed to give you a clear, transparent view of how we operate.

Need more detail?

For customers and prospects going through procurement or InfoSec reviews, we also maintain a more detailed InfoSec package. This includes deeper technical and organisational governance information that isn’t published publicly, which includes the following documentation:

• Compliance
  • BrightCarbon SOC 2 audit report
  • BrightCarbon Data Processing Agreement
• Product
  • BrandIn Software Architecture
  • BrandIn Data Flow Diagrams
  • BrandIn PEN testing letter of attestation
• Policies
  • List of BrightCarbon internal governance policies (requires separate request)
• Insurance
  • Cyber Liability
  • Employer’s Liability
  • Professional Indemnity

Because this material is sensitive, it’s shared under NDA. If you’d like access, you can request it using the form below, and we’ll guide you through the process.