Security
Built for businesses that take their data seriously.
Brain Pebbles is used by small-business owners to run real operations — invoices, client work, internal routines. Here is exactly how we keep your workspace yours.
Encrypted end to end at rest and in transit
TLS 1.2+ with HSTS preloaded (2-year). AES-256 at rest for your database and uploaded files. Your data is never written to disk unencrypted.
Tenant isolation enforced in the database
Every table that holds your data has Row-Level Security on, scoped to your user ID. There is no application code path that can read another customer's tasks, projects, messages, or files.
Leaked-password protection
Every signup and password change is checked against the Have I Been Pwned breach corpus. Compromised passwords are rejected. Strong-password rules (12+ chars, mixed case, number, symbol) are enforced on top.
Files served via short-lived signed URLs
Your attachments live in a private bucket. We never hand out long-lived public links — every download URL expires in 60 to 300 seconds.
Hardened invitations
Project invitations expire in 7 days, are single-use, and are email-bound — accepting requires signing in with the address the invitation was sent to. Forwarding a link fails closed.
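One way to implement the three invitation checks described above (7-day expiry, single use, email binding) so that any failure denies access. This is an added example, not Brain Pebbles' code; the `Invitation` record, the function names and the choice to store only a hash of the token are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

INVITE_TTL = timedelta(days=7)  # lifetime stated on the page

@dataclass
class Invitation:  # hypothetical record shape
    token_hash: str                     # SHA-256 of the token; the raw token is never stored
    email: str                          # normalized address the invitation was sent to
    expires_at: datetime
    used_at: Optional[datetime] = None  # set once, on the first successful accept

def _norm(email: str) -> str:
    return email.strip().casefold()

def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def create_invitation(email: str, now: datetime):
    token = secrets.token_urlsafe(32)   # unguessable value that goes into the link
    return token, Invitation(_hash(token), _norm(email), now + INVITE_TTL)

def accept_invitation(inv, token, session_email, now) -> bool:
    """Return True only when every check passes; anything else denies."""
    if inv is None or not token or not session_email:
        return False
    if not hmac.compare_digest(inv.token_hash, _hash(token)):  # constant-time compare
        return False
    if inv.used_at is not None:                 # single-use
        return False
    if now >= inv.expires_at:                   # expired after 7 days
        return False
    if inv.email != _norm(session_email):       # bound to the signed-in address
        return False
    # In a real datastore this must be one atomic conditional update.
    inv.used_at = now
    return True
```

`session_email` must come from the authenticated session, never from the link or the request body, otherwise the email binding checks nothing.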
Hosted on audited infrastructure
App delivery runs on Cloudflare edge. The backend (Postgres, Auth, Storage) is SOC 2 Type II audited. Managed daily backups with point-in-time recovery.
Multi-account switching without cross-leak
Sign into several accounts in one browser and switch instantly. Each account is isolated by Row-Level Security server-side — switching only swaps which signed-in session is active, and we store no passwords on your device.
Public security changelog
Every shipped security improvement is recorded in our public changelog. Nothing about our security posture is private marketing — it's all auditable.
Reporting a vulnerability
Found something? Email security@brainpebbles.com. We acknowledge reports within one business day and publicly credit researchers (with permission) who help us fix real issues.