Audiospace by Brands Are Live AG
Last Updated: January 2025
Overview
Audiospace implements comprehensive technical and organizational measures to ensure the security, confidentiality, integrity, and availability of personal data in accordance with Article 32 of the General Data Protection Regulation (GDPR) and Swiss data protection requirements.
1. Technical Security Measures
1.1 Encryption and Data Protection
- Industry-standard encryption for all data transmissions using current TLS protocols
- Advanced cryptographic hashing for passwords using memory-hard algorithms
- Secure authentication tokens with appropriate expiration policies
- Multi-factor authentication capabilities for enhanced security (in deployment for certain Applications)
- Regular security updates and patch management procedures
1.2 Access Control
- Multi-factor authentication capabilities for enhanced security (in deployment for certain Applications)
- Role-based access control implementing principle of least privilege
- Key-based authentication for all administrative access
- Automated session management with secure timeout policies
- Comprehensive audit logging of all access and modifications
1.3 Network and Infrastructure Security
- Global edge security through enterprise-grade DDoS protection
- Web application firewall (WAF) filtering malicious traffic
- Isolated network architecture with container-based separation
- Continuous monitoring with CPU, memory, disk and availability alerts
- Automated threat detection and incident response capabilities
- Regular security assessments and vulnerability management
2. Organizational Measures
2.1 Personnel Security
- All personnel handling personal data are bound by confidentiality agreements
- Annual security awareness training for all team members
- Principle of least privilege for all system access
- Regular access reviews and immediate revocation upon changes
2.2 Operational Security
- Security-aware development practices with automated scanning
- Code review requirements for all production changes
- Annual penetration testing and security assessments
- GitLab-based change control with merge request approvals
- GDPR-compliant vendors required for all data processing
2.3 Business Continuity
- Automated daily backups with point-in-time recovery tested
- 90+ day backup retention with automated lifecycle management
- Regional backup storage optimized per customer location
- Annual disaster recovery testing with containerized architecture
- Multi-server architecture with rapid recovery capabilities
- Customer SLA-based recovery objectives
3. Compliance and Governance
3.1 Data Protection Compliance
- GDPR-compliant processing with documented legal bases
- Data Processing Agreements with all subprocessors
- Privacy by design principles in all developments
- Data protection practices including retention management
- Ongoing compliance monitoring and improvements
3.2 Incident Management
- Customer SLA-based response times
- 72-hour breach notification procedures per GDPR
- Multi-channel alerting for critical incidents
- Documented escalation paths and responsibilities
- Annual incident response testing
3.3 Monitoring and Audit
- Comprehensive audit trails for compliance verification
- Real-time security monitoring with automated alerts
- Performance monitoring ensuring availability targets
- Internal security audits conducted regularly
4. Infrastructure Security
4.1 Data Center Security
Our infrastructure is hosted in ISO 27001 certified data centers within the European Union (Germany), providing:
- 24/7 video surveillance and security monitoring
- Electronic access control systems with authenticated entry
- Environmental protections (VESDA fire detection, climate control)
- Redundant power supplies and network connectivity
- Compliance with German and EU data protection regulations
4.2 Edge Security and Performance
We utilize enterprise-grade edge security services providing:
- Global DDoS mitigation protecting against volumetric attacks
- Web Application Firewall (WAF) with managed rulesets
- Bot management distinguishing legitimate users from automated threats
- SSL/TLS encryption at the edge with automatic certificate management
- Content delivery network ensuring fast, secure access worldwide
- Real-time threat intelligence from global traffic patterns
5. Continuous Improvement
We maintain a commitment to continuous security improvement through:
- Quarterly review of all security measures
- Adoption of emerging security standards and best practices
- Regular investment in security technologies and training
- Proactive threat intelligence and risk assessment
Request Additional Information
For enterprise customers and partners requiring detailed technical specifications for vendor assessments or compliance purposes, we provide comprehensive security documentation under appropriate confidentiality agreements.
Brands Are Live AG
Hornbachstrasse 50
8008 Zürich, Switzerland
