Security

Brisko handles credentials for the services you pay for. Here’s exactly how we protect them.

GDPR compliant

Your data lives in Frankfurt, Germany — hosted by Supabase, encrypted at rest, encrypted in transit, GDPR by default. For AI-assisted naming and transactional emails, we use US-based providers with appropriate safeguards under the GDPR.

Privacy Policy ›

Data protection

How your data is secured at rest, in transit, and at the infrastructure level.

Encrypted at rest

All credentials are encrypted in our database. The encryption key is managed server-side. Your logins are never stored in plain text.

Encrypted in transit

Every connection to Brisko uses TLS. Every connection from Brisko to a third-party service uses TLS. No exceptions.

Frankfurt database

Your data lives in Frankfurt, Germany. GDPR by default. For AI and email, we use US providers with GDPR-compliant safeguards.

Security practices

Every measure listed here is built into Brisko’s architecture today.

Infrastructure

  • Row Level Security on every query
  • Two-factor authentication available
  • Server-side encryption key management
  • Isolated browser sessions per run

Data privacy

  • No tracking cookies or analytics
  • No data selling or profiling
  • GDPR compliant by default
  • Data deleted on account closure

Collection

  • Read-only access by default
  • Scope-locked adapters per service
  • Transparent run logs
  • One-click service disconnect

Frequently asked questions

Can Brisko see my passwords?

No. Credentials are encrypted in our database and never stored in plain text.

Where is my data stored?

In Frankfurt, Germany, hosted by Supabase. For AI naming and transactional emails, we use US-based providers under GDPR safeguards.

Can Brisko change anything in my accounts?

No. Brisko is read-only by default — it reads invoices, nothing else.

What happens when I disconnect a service?

Everything goes with it. Sessions, cookies, credentials, downloaded files — all deleted. One click.

Do you sell my data?

No. No data selling, no profiling, no tracking cookies, no analytics.

Questions?

If you have security questions or want to report a vulnerability, we’d like to hear from you.

Get in touch