Security at Bronson 
Bronson handles sensitive medical records and legal data. Protecting that information isn't just a feature - it's foundational to everything we build.
Enterprise-grade security.
View our real-time security posture on the Vanta Trust Center.
SOC 2 Type II
Bronson is actively pursuing SOC 2 Type II certification to independently verify that our security controls operate effectively over time. This covers data handling, access management, and operational integrity.
HIPAA Compliance
As a platform processing protected health information, Bronson is working toward HIPAA certification, implementing the administrative, physical, and technical safeguards required to ensure the confidentiality and integrity of medical records.
Data Handling Practices
All data is classified and handled according to its sensitivity level. We enforce strict retention policies, role-based access controls, and audit logging across every system that touches client data.
Vendor Security
Third-party vendors undergo security assessments before integration. We evaluate data processing agreements, encryption practices, and compliance certifications to ensure our supply chain meets our standards.
Your data, secured.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Encryption keys are managed through dedicated key management services with automatic rotation.
Access Controls
We enforce least-privilege access with role-based controls, multi-factor authentication, and regular access reviews. Every access event is logged and monitored.
Infrastructure
Bronson runs on hardened cloud infrastructure with network segmentation, intrusion detection, and 24/7 monitoring. Systems are regularly patched and vulnerability-scanned.
Report a vulnerability.
We value the work of security researchers and welcome responsible disclosure of any vulnerabilities found in our systems.
If you discover a potential security issue, please report it to security@bronson.com. Include a description of the vulnerability, steps to reproduce, and any relevant supporting material.
We aim to acknowledge reports within 2 business days and will work with you to understand and address the issue promptly. We ask that you give us reasonable time to investigate and remediate before disclosing publicly.