People and infrastructure you can trust

We deploy best-in-class practices and tools to maintain security on all levels.

People and infrastructure you can trust

Security with Brassica

Authentication and authorization

Brassica maintains strict role-based access control across all our internal and external systems. Access to all critical services requires SSO or multi-factor authentication where available.

External audits

An annual independent audit of policies and procedures is conducted at Brassica. This includes reviewing the Information Security Policy, Third-Party Risk Management Policy, Business Continuity Policy, Incident Response Policy, and data privacy practices.

Vulnerability & Risk Management

Brassica continuously performs internal vulnerability scans to identify and remediate potential system vulnerabilities. Regular risk assessments are conducted to ensure a comprehensive understanding of security, availability, and privacy risks in products and services.

Vendor Management Risk management

Brassica implements third-party management policies and procedures to protect assets and data accessible by vendors, ensuring information security and service delivery standards are met.

Background checks

Brassica conducts background checks on all applicants selected for full-time employment.


All Brassica employees are required to complete annual security training.

Policy Checklist Data and Privacy Incident Response Business Policy Data Security

Infrastructure security


Brassica is committed to compliance with all applicable financial and data privacy laws.

External audits

Brassica conducts an annual external independent audit — penetration testing, vulnerability scans, and information security.

Audit logs

Brassica collects audit trails, covering every write operation in Brassica’s ecosystem.

Data encryption

Brassica encrypts all data, with the strongest encryption available with at least the standards of (AES-256-GCM) and (TLS 1.2).

Hosting and Segmentation

Brassica’s uses a Tier 1 Cloud Provider to host fully segregated sandbox and production environments.


Brassica uses ACLs and Web Application Firewalls amongst other network security tools to audit and detect abnormal behavior.

End-to-End Encryption Running security check ... Scheduled 1 min ago 17 mins ago 53 mins ago Success Success Success Success Success Scheduled Scheduled Completed Completed Completed Completed Completed

Product security

API token scopes

Customer tokens restrict API resources to only what is enabled for a specific customer, and limit token exposure to individual customers. API tokens are set to automatically expire in one year. Brassica lets you customize expiration dates to enforce stricter security policies in your organization.

Client Login

They include built-in Two Factor Authentication (OTP) and customizable expiry that your systems can rely on. Brassica helps you track and log your account and organizational access.

Roles and permissions

The Brassica dashboard includes built-in roles and permissions for your team members. This ensures that access to information on a need-to-know basis only.

Roles & Permissions Read Write Cards Statements Accounts Transactions Authorizations Payments Customers Webhooks Customer Tags Cards Sensitive



Brassica ensures high availability, improving recovery times and providing access to second availability zones.


We backup all production data and all backups are geo-replicate backups within the same judicial data boundary.


We continuously monitor the platform and post real-time updates to our public status page.

Business continuity

We have a comprehensive business continuity plan that we activate put into action when facing disruptions. To ensure its effectiveness, we conduct annual tests. This rigorous testing process enables us to fine-tune the plan, allowing us to handle any unforeseen circumstances with confidence.

System Operations Past Incidents Dashboard Updated 3 hours ago Updated 1 hour ago Updated 2 minutes ago API 0 Sandbox No incidents Recorded

Reporting a potential security concern

Brassica encourages everyone to follow responsible disclosure procedures when reporting security issues that surround our products, services, websites, or infrastructure. We are committed to engaging with anyone reporting security vulnerabilities in a positive, professional, mutually beneficial manner that protects our customers.

To report a security bug, please contact us at:
Background image for footer

Bring financial features to life and start building — today

Background image for footer