Brijr operates as a secure, fully compliant data processor. Our architecture is built to satisfy the strictest global IT requirements, including GDPR, CCPA, and CPRA.

To ensure absolute compliance with international data sovereignty laws, the Brijr platform operates on a strict Dual-Region Split Architecture hosted within Amazon Web Services (AWS).
European client data is processed and stored exclusively on isolated AWS infrastructure located in Frankfurt, Germany. EU operational and log data is strictly isolated and never transmitted outside European jurisdictions.
United States and global client data is processed and stored on dedicated AWS infrastructure located in N. Virginia, USA. Security configurations match the exact standards of our European structures.
All external communication streams, API endpoints, web forms, and synchronizations are encrypted using secure HTTPS/TLS 1.2+ protocols to prevent man-in-the-middle attacks.
All relational databases (AWS RDS clusters) and storage volumes (AWS EC2/S3) utilize AES-256 standard encryption keys.
Highly sensitive client operational variables, such as OAuth 2.0 refresh and access tokens used for HubSpot and Salesforce authentication, are further protected with application-layer secondary encryption before storage.
Our core backend ETL engine operates as a fully decoupled, headless application, isolated from the public-facing web servers to prevent injection and exploit vulnerabilities.
Brijr enforces the principle of least privilege across our entire infrastructure, ensuring your central data directories are never exposed.
All CRM connections leverage private Connected Apps with standard OAuth 2.0 authentication. We request strictly limited, scoped API permissions (e.g., read/write access limited to contact/lead timelines) rather than requiring global organization administrator rights.
Administrative server-level access is limited via strict physical IP whitelisting. Server maintenance paths are secured with multi-factor authentication and cryptographic SSH keys; basic password authentication is completely disabled across all active clusters.
Brijr operates strictly as a Data Processor under GDPR guidelines. We claim zero ownership over your CRM profiles, client lists, or engineering parameters.
Our servers act as a conduit. We do not permanently store or cache your master records.
API synchronization and ETL logs are retained temporarily only to coordinate deduplication and error tracing. All personally identifiable information (PII) is automatically scrubbed or permanently anonymized after exactly 12 months.
We maintain automated, daily-replicated backups across our clusters with a Recovery Time Objective (RTO) of 24 hours, and commit to a strict, contractually-guaranteed 72-hour notification SLA in the event of an incident.
Have specific security, localized sovereignty, or custom CRM mapping requirements? Let's discuss how Brijr aligns with your internal IT governance frameworks.