We put privacy and security over profits.

  • User-submitted data is encrypted both in transit and at rest and stored securely on Google Cloud Platform.
  • Our customers set data retention policies and specify how long to keep data before it is permanently deleted from our servers.
  • Access is logged and submitted images are watermarked with a per-access unique identifier.
  • All Berbix employees undergo background checks prior to being hired and are trained on security best practices during onboarding.
  • Our internal dashboards provide Role Based Access Controls (RBAC) to limit access following the principle of least privilege. Only a limited number of individuals will have access to review any user-submitted data.
  • We undergo regular security assessments and penetration tests by third-party auditors and security experts.

Compliance and Certifications

SOC 2 Type II and HIPAA

We completed our SOC 2 Type II examination in March 2020. We are HIPAA compliant. Our full reports from third-party auditors are available upon request.


We can help you comply with your GDPR compliance obligations. Contact us to learn more about our GDPR compliance program.


We are ready for the California Consumer Privacy Act of 2018.

Contact Security

If you believe you’ve found a security vulnerability in Berbix, please get in touch at security@berbix.com. If you’d like to encrypt your message, please use our PGP public key. We will get back to you as quickly as possible. We ask that you do not publicly disclose the issue until it has been addressed by Berbix.