Skip to main content

Security

Firewalls

One of the fundamental architectural choices of the Bitfount platform, different from many other federated architectures, is that Bitfount follows a messaging architecture. This means that services that connect to Bitfount only make outgoing HTTP connections and can happily sit behind a firewall.

Encryption

All data entering or leaving Bitfount uses TLS/HTTPS, and all messages are 256-bit AES end-to-end encrypted. This removes any requirement to trust Bitfount with respect to raw data or task results.

Your data

Data accessed via Bitfount can be hosted locally or in cloud infrastructure. Data never leaves its location and is not accessible to Bitfount unless access is granted.

The only information shared with Bitfount is metadata. More information on the metadata Bitfount has access to can be found in our privacy policy.

Bitfount's own security

Bitfount takes security very seriously. Security is a core part of what our product aims to help with! The following are some of the things we are doing to make sure our own code and infrastructure are secure:

  • Automated security tests on all our code
  • Regular penetration tests on all our services
  • Monitoring tools to try to catch intrusions and incidents
  • Segregated production environment with limited human access
  • Various process-level security policies, including a secure development policy
  • ISO 27001 certification, HIPAA compliant, GDPR compliant, UK Cyber Essentials Plus certified and NHS Data Security and Protection Toolkit (DSPT) compliant
  • Access to Bitfount is protected by strong authentication and authorization controls, with user passwords not being held by Bitfount
  • Bitfount's authentication (Auth0) and infrastructure (AWS) providers hold industry-leading security certifications such as SOC 2 Type II, ISO 27018 and ISO 27001