Security & Compliance
Feb 18, 2026
Keeping your financial data and source of wealth secure is important to us. This page outlines how we approach security at Brisa.
Please submit potential vulnerabilities via email to security@joinbrisa.com.
For security-related questions, contact us at security@joinbrisa.com.
For compliance inquiries, contact compliance@joinbrisa.com.
Overview
Brisa is an AI-powered, read-only wealth OS platform for high-net-worth individuals. We consolidate bank accounts, investments, credit/loans, and real estate into one dashboard. Brisa is not a bank or financial advisor—we provide clarity and insights; you stay in control of your money.
Because we handle sensitive financial information, we take security seriously. This document describes our current security posture and practices.
Certifications and third-party assessments
We are committed to strengthening our security posture over time. If you operate in a highly regulated environment and require specific certifications or assessments, please contact us at compliance@joinbrisa.com to discuss your requirements.
Infrastructure security
Our infrastructure and subprocessors:
AWS — Sees and stores all application data: Our infrastructure is primarily hosted on AWS. We use ECS for application hosting, ECR for container images, and ElastiCache (Redis) for sessions and job queues. All production servers are in North America (Canada). All traffic to and from our application passes through AWS.
MongoDB Atlas — Stores all application data: MongoDB Atlas hosts our primary database. This includes account data, transactions, holdings, bank account details, Plaid link tokens, Concierge conversation history, user profiles, and all other persistent application state. Data is hosted in North America with encryption at rest enabled by default.
Plaid — Sees and processes financial data: Plaid connects your bank, investment, and credit accounts to Brisa. When you link an institution, you enter your credentials directly in Plaid's Link flow—we never see or store your bank login credentials. Plaid fetches balances, transactions, holdings, and liabilities on our behalf and returns that data to our servers. Plaid is PCI DSS Level 1 compliant and operates under its own security and compliance program. You can disconnect any institution at any time from your Brisa settings.
Clerk — Sees and stores authentication data: Clerk handles user authentication, including email/password sign-in, session management, and password hashing. Clerk also stores user identity information (name, email). Clerk supports MFA and SSO for enterprise users. We use Clerk's API to verify users and manage sessions; we do not store passwords ourselves.
OpenAI — Sees Concierge conversation data: We use OpenAI's models to power Brisa Concierge. When you chat with Concierge, your messages and relevant context (e.g., account summaries, transaction counts, tool results) are sent to OpenAI to generate responses. OpenAI may retain this data according to their usage policies. See the AI and Concierge section for more detail on what is sent.
Anthropic — Sees Concierge conversation data (when configured): We support Anthropic's Claude models as an alternative to OpenAI for Concierge. When configured, your Concierge conversation data is sent to Anthropic instead of (or in addition to) OpenAI. Anthropic's data retention policies apply. See the AI and Concierge section for more detail.
Stripe — Sees and stores billing data: Stripe processes subscription payments. Stripe stores payment method details (we never see or store full card numbers) and manages the billing relationship. Webhook events from Stripe notify us of subscription changes. Stripe is PCI compliant and handles all card data on their side.
Resend — Sees email addresses and email content: Resend delivers transactional emails on our behalf: verification, password reset, subscription confirmations, trial reminders, daily briefings, and other notifications. Resend sees recipient addresses and the full content of each email we send.
Cohere — Sees text for embedding: Cohere's embedding API is used for semantic search and AI features. We send text (e.g., from Concierge queries or document chunks) to Cohere to generate embeddings. Cohere does not store the embeddings for our use case; retention is governed by their API terms.
Exa — Sees search queries (potentially derived from conversation): Concierge uses Exa for web search when answering questions that require external information. A language model determines what to search for based on your message and conversation context; the resulting search query (not your full conversation) is sent to Exa. Exa returns search results that we use to compose Concierge's response.
Sentry — Sees error logs and stack traces: Sentry captures application errors and performance data. Error reports may include stack traces, request metadata, and in some cases snippets of request/response data to aid debugging. We configure Sentry to minimize exposure of sensitive fields.
PostHog — Sees usage analytics: PostHog records product usage events (e.g., pages viewed, features used). Events may include anonymized or pseudonymized identifiers. We use this for understanding how the product is used and improving it.
Loops — Sees email addresses and user properties: Loops powers our email campaigns and lifecycle messaging (e.g., welcome series, trial reminders). We sync email addresses and basic user properties (name, signup date) to Loops. Loops sends marketing and nurture emails on our behalf.
Intercom — Sees support conversation data: When you contact support via the in-app messenger, your messages and any context you share are processed by Intercom. Intercom stores conversation history and may use it to route and respond to tickets. Support agents can see your account details when assisting you.
Logsnag — Sees operational alert data: Logsnag receives internal alerts for critical events (e.g., account deletions, payment failures). Alert text may reference user identifiers or account information. This is used for internal monitoring only.
Zillow — Sees property addresses: When you add real estate to Brisa, we may send property addresses to Zillow's Zestimate API to fetch estimated market values. Zillow returns valuation data; we do not share your full portfolio with Zillow, only the specific property being valued.
Polygon — Sees symbol/ticker requests: Polygon provides market data (prices, historical data) for securities. We send ticker symbols and request parameters; Polygon returns market data. No personally identifiable or account-specific data is sent.
ExchangeRatesAPI — Sees currency symbols: We request foreign exchange rates for supported currency pairs (e.g., USD, EUR, GBP). Only currency codes are sent; no account or user data.
Google Maps — Sees property addresses: When displaying real estate on a map, we send property addresses to Google Maps for geocoding and map tiles. Google returns coordinates and map imagery. We do not send full portfolio or account data.
None of our infrastructure is in China. We do not directly use any Chinese company as a subprocessor.
We assign infrastructure access on a least-privilege basis. Secrets are managed via environment variables and, where applicable, HashiCorp Vault or AWS Secrets Manager. All API traffic uses TLS (HTTPS).
Data security
Encryption in transit: All data in transit is encrypted using TLS 1.2 or higher.
Encryption at rest: We use industry-standard encryption (AES-256) for data at rest. MongoDB Atlas provides encryption at rest by default.
Access controls: Application and database access are scoped by account and user. Financial data is never shared across accounts.
Secure cookies: Session cookies are set with the HttpOnly, Secure, and SameSite attributes, so they cannot be read by page scripts (limiting the impact of XSS), are only sent over HTTPS, and are not attached to cross-site requests (reducing the risk of CSRF).
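As an added illustration of the cookie attributes listed above (example code, not Brisa's own implementation), the following JavaScript audits a Set-Cookie header for the HttpOnly, Secure and SameSite attributes and builds a hardened session cookie. The header strings and the cookie name are constructed samples; the check for SameSite=None is an assumption about what a session cookie should not use, not a statement about Brisa's configuration.

```javascript
// Parse one Set-Cookie header into its name and a map of attributes.
// Attribute names are case-insensitive per RFC 6265, so they are lowercased.
function parseSetCookie(header) {
  const [nameValue, ...rawAttrs] = header.split(';').map((p) => p.trim());
  const name = nameValue.slice(0, nameValue.indexOf('=') === -1 ? undefined : nameValue.indexOf('='));
  const attrs = {};
  for (const raw of rawAttrs) {
    if (!raw) continue;
    const eq = raw.indexOf('=');
    const key = (eq === -1 ? raw : raw.slice(0, eq)).toLowerCase();
    const value = eq === -1 ? true : raw.slice(eq + 1).trim();
    attrs[key] = value;
  }
  return { name, attrs };
}

// Audit a session cookie header and return the missing or weak attributes.
// A finding means the cookie would be exposed in one of the ways the page describes:
// readable by scripts (no HttpOnly), sent over plain HTTP (no Secure), or attached
// to cross-site requests (no SameSite, or SameSite=None).
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly: cookie is readable by page scripts');
  if (!attrs.secure) findings.push('missing Secure: cookie may be sent over plain HTTP');
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  if (sameSite === null) findings.push('missing SameSite: browser default applies');
  else if (sameSite === 'none') findings.push('SameSite=None: cookie is sent on cross-site requests');
  return { name, ok: findings.length === 0, findings };
}

// Build a hardened session cookie header. Max-Age is optional; Path=/ keeps the
// cookie scoped to the whole application origin.
function buildSessionCookie(name, value, { maxAgeSeconds } = {}) {
  const parts = [`${name}=${value}`, 'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (Number.isInteger(maxAgeSeconds)) parts.push(`Max-Age=${maxAgeSeconds}`);
  return parts.join('; ');
}

// Constructed sample headers: a weak cookie beside its hardened form.
const SAMPLE_HEADERS = {
  weak: 'session=abc123; Path=/',
  hardened: 'session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
};

// Usage: audit both samples and print the findings.
for (const [label, header] of Object.entries(SAMPLE_HEADERS)) {
  const result = auditSetCookie(header);
  console.log(`${label} (${result.name}): ${result.ok ? 'ok' : result.findings.join('; ')}`);
}
```

The same audit can be run against the Set-Cookie headers returned by a login response to confirm that a deployment actually emits the attributes its policy promises; a missing attribute in production is a configuration regression that this kind of check catches before an attacker does.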
Client security
Brisa is a web application. For the best experience, we recommend using a modern, up-to-date browser (Chrome, Firefox, Safari, or Edge).
If you are behind a corporate proxy or firewall, you may need to whitelist: app.joinbrisa.com, backend.joinbrisa.com, joinbrisa.com, *.clerk.zone, *.stripe.com, and *.plaid.com.
AI and Concierge
Brisa Concierge is an AI-powered assistant that helps you understand and act on your financial data. To provide responses, we send your messages and relevant context (e.g., account summaries, transaction summaries) to our AI providers (OpenAI and/or Anthropic).
What is sent: Your conversation text, tool results (e.g., account balances, transaction counts), and system instructions. We minimize the amount of raw financial data sent; context is typically aggregated or summarized.
Storage: Conversation history is stored in our database (MongoDB) so you can resume chats. AI providers may retain requests according to their policies—we recommend reviewing OpenAI's data usage (https://openai.com/policies/usage-policies) and Anthropic's data usage (https://www.anthropic.com/legal/consumer-terms) for details.
Web search: For some queries, Concierge uses Exa to search the web. The search query may be derived from your question; the query (not your full conversation) is sent to Exa.
If you prefer not to use Concierge, you can avoid it entirely; it does not affect the rest of the platform.
Financial data and Plaid
Brisa connects to your financial institutions through Plaid. Plaid is a trusted, regulated connector used by thousands of applications.
Read-only: We use Plaid in read-only mode. Brisa can view balances, transactions, holdings, and account metadata; we cannot initiate transfers or move your money.
No credential storage: Your bank credentials are entered directly in Plaid's secure Link flow. We never see or store your login credentials.
Revocation: You can disconnect any linked institution at any time from your Brisa settings. When you do, we stop syncing that institution and remove stored Plaid access for that link.
Plaid security: Plaid is PCI DSS Level 1 compliant and maintains its own security program. More information: Plaid Security (https://plaid.com/security/).
Account deletion
You can permanently delete your account from Settings → Account → Permanently Delete Account. You will need to confirm with your password.
When you delete your account, we:
Remove all linked financial accounts and Plaid connections
Delete transactions, holdings, bank accounts, and related data
Remove subscription and billing records (Stripe)
Delete your user record and authentication identity (Clerk)
Remove daily briefings, risk analyses, and other derived data
We aim to complete deletion within 30 days. Some systems (e.g., databases, backups) may retain data for up to 30 days before it is overwritten or purged.
Note: If your data was previously shared with AI providers (e.g., via Concierge), those providers may retain it according to their own retention policies. Deleting your Brisa account does not automatically delete data from third-party AI providers.
Vulnerability disclosures
If you believe you have found a security vulnerability in Brisa, please report it to security@joinbrisa.com.
We commit to:
Acknowledging your report within 5 business days
Keeping you informed of our progress
Addressing issues as quickly as we can, with critical issues prioritized
We ask that you:
Provide enough detail for us to reproduce and validate the issue
Avoid exploiting the vulnerability beyond what is needed to demonstrate it
Refrain from publicly disclosing the issue until we have had a chance to address it
We appreciate the security research community and will acknowledge researchers (with their permission) for responsible disclosures.
