Control your transparency

Bridgit products include robust permissions and data protection that allow for greater control over the accessibility of your data.

• Cloud-based SaaS
• Supports SSO via Microsoft and Google OAuth2.0 providers as well as SAML
• Strong access controls that include custom permission groups for controlled transparency

Learn more by visiting the Bridgit Trust Center ->

Encrypted Data

Our trusted infrastructure protects your data at every level.

• Data is fully encrypted in transit and at rest with RSA 256-bit encryption
• TLS 1.2 with perfect forward security ciphers and 1.3 with HSTS

Vulnerability assessment and monitoring

Bridgit applications are routinely checked against the Open Web Application Security Project (OWASP) top vulnerability list.

We ensure you always have access to your data with 99% uptime for Bridgit applications.

View our Platform Terms of Service →

Bridgit Security and Compliance FAQ

Data Storage and Resiliency

Where is customer data for Bridgit Bench stored?

Bridgit Bench is hosted on AWS in North America.  All customer data is stored in AWS in the US. More specifically: We host on the west coast across multiple Availability Zones and have Disaster Recovery infrastructure in central US.

Is customer data in Bridgit Bench backed up?

Yes, customer data in Bridgit Bench is backed up continuously and the backups are encrypted at rest.  Customer data is also replicated across availability zones.

Does Bridgit have a Disaster Recovery and Business Continuity Plan?

Yes, Bridgit has a Disaster Recovery and Business Continuity Plan.

Data Retention

How long does Bridgit retain customer data? Can a customer request deletion of their data?

By default, we retain customer data for the duration of your contract. If a customer requests the deletion of their data, we will delete their data within 90 days unless legally prohibited. Customer data that is part of the historical data import prior to implementation will be retained only as long as needed by the implementation team and will be deleted within 100 days of collecting the data from the customer.

Security Compliance and Certifications

What security compliance/certifications does Bridgit have?

Bridgit currently has certification for SOC 2 Type 2.  Bridgit has no other security compliance/certifications at this point in time. SOC 2 Type 2 report can be shared with a signed NDA in place.

Responsible Disclosure Policy

How can I report a security concern or vulnerability? 

At Bridgit, we are committed to maintaining the highest level of security for our systems and data. We encourage security researchers to report any potential vulnerabilities responsibly. Please refer to our Responsible Disclosure Policy for detailed guidelines on how to submit a report.

Integrations

Is data secure moving between Bridgit Bench and other software?

All access to Bridgit REST API endpoints require an access key and are secured with TLS. This access key can be regenerated on demand by customers. Learn more about our Open API here.

Integrations with other applications are all opt-in and authenticate via OAuth or other applicable mechanisms required by the third-party application. Integrations can be disabled at any time.

Bridgit Employees

Are Bridgit employee computers secure?

It is mandatory for employee computers to have strong passwords, encrypted disks, firewalls, and, where applicable, inbound and outbound network traffic monitoring and alerting.

View our Platform Terms of Service →