Trust · Security

Security at Bryka.

A short, honest overview of how we protect your data and what to do if you find a problem. We’ll add more here as our program matures.

Last updated · April 29, 2026

Encryption

All traffic to and from Bryka is encrypted in transit with TLS 1.2 or higher. Customer data is encrypted at rest with AES-256 using AWS-managed keys (RDS and S3 default encryption).

Data isolation & model training

Customer content is logically isolated per workspace. Queries against shared infrastructure are scoped to your workspace. We do not train our models on customer content, and we do not share customer content with third parties except as necessary to operate the Service (for example, calls to the model provider that powers your chatbot).

Authentication & API keys

Customers sign in to the dashboard with email-based authentication through our identity provider; passwords are never stored in plain text. API keys are scoped and can be revoked at any time from the dashboard.

Infrastructure

The Service runs on AWS in the United States. We use managed services and follow the AWS Shared Responsibility Model: AWS is responsible for the security of the cloud (physical data centers, hypervisors, managed-service patching) and Bryka is responsible for security in the cloud (configuration, access, application code).

Compliance

Bryka does not currently hold a SOC 2, ISO 27001, or HIPAA attestation, and we do not offer a Business Associate Agreement (BAA). If your organization requires one of these to use Bryka, this product isn’t the right fit yet — we’ll update this page when that changes.

We collect and process personal data in line with the principles of GDPR and CCPA — see the Privacy Policy for details on what we collect and the rights available to you.

Vulnerability disclosure

We welcome responsible disclosure from security researchers. If you believe you’ve found a vulnerability:

  • Email security@bryka.ai with a clear description and steps to reproduce.
  • Give us a reasonable window to investigate and remediate before public disclosure.
  • Avoid privacy violations, data destruction, and service degradation while testing.

We don’t run a paid bug bounty at this time, but we’re happy to publicly credit researchers who follow this policy.

Contact

Security questions: security@bryka.ai. Privacy questions: privacy@bryka.ai.