Security & Trust
How we protect your data. Plain language, no legalese.
Data hosting
BarnX data is hosted in cloud infrastructure with redundancy and geographic distribution. Primary production data is stored in Canada (East) with a leading cloud provider. We use region-specific deployments so you can choose where your data resides when required.
Provider: [Cloud provider placeholder] · Regions: Canada (primary), US (optional)
Encryption
In transit: All traffic between your browser or app and our servers uses TLS 1.3. We do not accept unencrypted connections.
At rest: Data is encrypted at rest using AES-256. Encryption keys are managed by the cloud provider with industry-standard key management practices.
Access control
We use role-based access control (RBAC). Users only see and do what their role allows. We follow least privilege: accounts have the minimum access needed for their job.
Access changes and sensitive actions are logged. Audit logs record who did what and when. [Audit log retention: placeholder]
Backups & disaster recovery
We take automated backups on a regular schedule. Backups are stored separately from production and are encrypted. We test restore procedures to ensure we can recover data.
If something goes wrong, we have a documented recovery process. Recovery time objectives depend on the scenario; we prioritize getting you back online quickly.
Vulnerability management
We keep dependencies up to date and apply security patches promptly. Our release process includes checks for known vulnerabilities. [Automated scanning: placeholder]
If you find a security issue, please report it to security@barnx.ca. We will respond and work with you to resolve it.
Incident response
We have a documented incident response process. When we detect a security incident, we assess impact, contain it, and fix the cause. We notify affected customers when their data may have been involved.
We communicate in plain language: what happened, what we did, and what you should do if anything. We do not hide incidents that affect customer data.
Privacy summary
We collect and use data to provide and improve our services. We do not sell your data. For full details on what we collect and how we use it, see our Privacy Policy.
Subprocessors
We use the following subprocessors to operate our services. We select providers with strong security practices and data handling commitments.
| Service | Purpose | Location |
|---|---|---|
| Cloud infrastructure | Hosting and compute | Canada / US |
| Email delivery | Transactional email | US |
| Analytics (optional) | Product usage insights | US |
Security FAQ
Common questions about our security practices.
Production data is stored in Canada (East) by default. We can discuss region options if you have specific requirements.
Yes. You can export your data in standard formats. We do not lock you in. Contact support for export options.
Only people who need it for your account: our support team when you ask for help, and our engineering team for operations. Access is logged and reviewed.
We apply security patches as part of our regular release cycle. Critical vulnerabilities are addressed urgently. We communicate major changes in release notes.
We will notify affected customers as soon as we understand the scope. We will explain what happened, what data was involved, and what steps we took. We will also tell you if you need to take any action.
Email security@barnx.ca. We take all reports seriously and will respond promptly. Please include as much detail as you can share safely.
Security contact
For security questions, vulnerability reports, or to discuss our practices, contact us at security@barnx.ca.
Book a Demo