Security
Information security is not an afterthought. It is the foundation of everything we do.
Certification
ISO/IEC 27001 certified
BrainStax B.V. is ISO/IEC 27001 certified. This is the international standard for information security. The certificate confirms that we maintain an Information Security Management System (ISMS) that meets the highest requirements for the protection of data and information.
Our certification covers all services: from AI Inspiration Sessions and Define & Discover phases to production implementations on the BrainGrounds platform. This means your data is in safe hands with us, from first conversation to daily use.
How we work
Security in practice
Data encryption
All data is encrypted in transit (TLS 1.2+) and at rest. No exceptions.
Access control
Strict role-based access. Only those who need access get access. Always with MFA.
Continuous monitoring
Security incidents are monitored 24/7. Anomalies are detected and resolved immediately.
Supplier management
Our suppliers meet the same security standards. BrainGrounds runs on Databricks with enterprise-grade security.
Business continuity
Tested disaster recovery plan. Regular backups. Minimal downtime during incidents.
Awareness training
Every team member regularly completes security awareness training. Security is a shared responsibility.
Responsible Disclosure
Found a vulnerability?
We appreciate security researchers helping us keep our systems safe. Have you discovered a vulnerability in our website or services? Report it via our responsible disclosure policy.
What we ask
- Describe the vulnerability in as much detail as possible, including steps to reproduce.
- Give us a reasonable amount of time to fix the issue before disclosing it publicly. We aim to resolve within 90 days.
- Do not exploit the vulnerability beyond what is necessary to demonstrate it.
- Delete any obtained data immediately after reporting.
- Do not perform attacks that affect the availability of our services (DDoS, spam, etc.).
What we promise
- We will acknowledge your report within 3 business days.
- We will keep you informed of our progress.
- We will not take legal action if you follow the above rules.
- We will credit your name (if you wish) as recognition for your contribution.
Out of scope
- Social engineering attacks on employees
- Physical attacks on offices or infrastructure
- Denial of Service (DoS/DDoS) attacks
- Automated scans without prior permission
Questions about security?
Get in touch. We're happy to discuss how we protect your data.