Security and Reliability
At Bazaar Insights, we fully acknowledge that your content, product information, and customer data are among your organization’s most valuable assets. We are unwavering in our commitment to safeguarding your data and ensuring the protection of your investment in our technology and infrastructure. Below are essential security best practices and compliance tools that we employ with confidence and can share publicly.
Compliance
ProductXM and SupplierXM
The Information Security Management System that governs our ProductXM and SupplierXM platforms is built on an ISO certification, which demonstrates our ability to manage information technology systems securely.
Certifications
People are both our greatest asset and our biggest security risk. To mitigate this risk, we ensure that all employees, including new hires, undergo annual security awareness training.
Access to our office is secured through keycode entry and other protective methods. Each employee is issued an individual key card to access our floor.
Before employment, we conduct thorough background checks on all prospective employees, which include criminal history and personal reference checks.
We also have established off-boarding procedures to ensure that access permissions are terminated when an employee leaves the organization.
Uniform Security Protocols
Bazaar Insights maintains standardized security policies and processes, which are reviewed at least annually and updated as necessary. Our security framework is based on NIST 800 recommendations.
We conduct third-party security assessments at least once a year to evaluate vulnerabilities, perform penetration testing, and audit security controls. A letter of attestation can be provided upon request.
Our Incident Response Plan defines the roles of the Incident Commander and team members, covering the response process, customer notifications, and postmortem documentation. The Security Incident Response Plan outlines the responsibilities of the Security Incident Response Team (SIRT) and the steps for incident response.
Software Development Lifecycle (SDLC)
Bazaar Insights employs an agile development process with Continuous Integration (CI). Our CI pipeline spans development, staging, and production environments, and access to each environment is restricted to authorized personnel.
Security is integrated at every step of our development process. Data handling, code deployment, configuration, and patch management all adhere to security best practices outlined in our security policies and SDLC.
Our SDLC mandates code review and approval for all changes, along with a successful build on all automated tests in our CI environment before deployment. All developed code undergoes both manual review and automated testing to identify potential security vulnerabilities. We strive to follow the best practices set forth by OWASP (Open Web Application Security Project).
Identified security vulnerabilities are subjected to an impact and risk assessment. Patches or other remediation measures are first deployed in a development environment, tested in staging, and then implemented in production.
Additionally, automated application penetration tests are conducted internally on a regular basis.
Administrative Control
Bazaar Insights adheres to the principle of "least privilege." We issue credentials only to individuals and systems that absolutely require access to a system or resource. Access can only be granted by a member of our Operations team and is tracked for auditing purposes. Administrators have the authority to revoke access at any time, which supports our off-boarding process.
Scalable Architecture
Bazaar Insights utilizes a resilient and scalable infrastructure for hosting services, ensuring fault tolerance and high availability as outlined in our Terms of Service. Our cloud providers maintain industry-standard compliance certifications, such as ISO 27001 and SOC 2, which we review annually.
All SSL/TLS certificates are generated with a 2048-bit key and SHA-256 signatures; the private keys are encrypted and securely stored in a key management service.
Data Resilience
Bazaar Insights' infrastructure is designed to support a robust disaster recovery process. Automated data backups, well-documented recovery procedures, and annual testing ensure that we are prepared in the event of a disaster.
We have a defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) in place to maintain service continuity.
Access Control & Verification
Bazaar Insights relies on a cloud service provider solution that incorporates multi-factor authentication to access environments. User-defined groups and roles follow the "least privilege" principle.
Remote access to our infrastructure is strictly limited to authorized users and is only possible via our VPN.
Log monitoring is in place, with audit logs retained in accordance with our retention policy. Suspicious activities or unauthorized access trigger immediate alerts to our operations staff, and the security team is involved, when necessary, as part of our Incident Response plan.
Passwords for staff who support our infrastructure are rotated regularly.
End-User Data
We host customer data in a multi-tenant environment, ensuring data segregation at the application level for each customer. This approach prevents unauthorized access to customer data by other organizations.
All data traffic is encrypted using TLS 1.2 or higher. We implement current encryption algorithms and continuously test and upgrade to newer, more secure standards as they emerge. Currently, we use 256-bit AES encryption, with key management provided as part of our cloud service provider's offering.
Customer data is encrypted both in transit and at rest, including system and database backups. Access to customer data is restricted to authorized personnel only.
At Bazaar Insights, we take security seriously and value the help of our community in keeping our services secure. If you have discovered a security vulnerability, we encourage you to report it responsibly.
Reporting Security Issues
To report a security-related bug or configuration issue, please review our Responsible Disclosure Guidelines before submitting your report. Your cooperation helps us address security concerns effectively and promptly.
Privacy Inquiries
For questions or concerns regarding privacy, please refer to our Privacy Policy for detailed information on how we handle your personal data.
Privacy
GDPR
The Bazaar Insights system lays a strong foundation for GDPR compliance and helps reduce risk.
CCPA
Bazaar Insights has updated its privacy policy and internal procedures to comply with the CCPA.
Sub-Processors
To provide our platform services, we utilize chosen sub-processors to assist with specific functionalities.