Security, privacy and compliance

Our teams adhere to rigorous internal standards and policies. Our infrastructure, data policies and internal corporate processes have been run through extensive security tests by third-party auditors.

Infrastructure

baz uses Amazon Web Service (AWS) asa the cloud provider to store and process data. We use the us-east-1 region in the main production account.

Access to workstations, cloud services, source code and third-party tools are done through a single IDP and require MFA.

Backup

baz persists long-lived copies of code and short-lived copies of transactional event data. Long lived copies are retained indefinitely and short lived copies are retained up to 12 months.

Encryption

Data is encrypted at rest (AES-256) and in transit (HTTPS/TLS).

Disclosure

If you notice a security issue or have a question or concern, you can reach out to our CTO, Nimrod at nimrod@baz.co. We'll respond as soon as possible. Currently, we do not have a bug bounty program.