Defense in depth
We apply layered security controls across infrastructure, application, and operational levels. Specific implementations evolve over time as best practices change.
A high-level summary of our general security practices. This page is informational and is not a binding commitment; specific obligations applicable to your account are set out in our agreements with you.
BuzzWisely takes the security and confidentiality of customer data seriously. This page describes our general approach. It is not intended to create legal obligations beyond those in our written agreements with you, and our practices may change from time to time. For specific commitments, see your subscription agreement, Data Processing Addendum (where applicable), Business Associate Agreement (for HIPAA-eligible plans where signed), or our Privacy Policy.
Access to systems and data is granted on a need-to-know basis. We review access regularly and revoke promptly when roles change.
We share security practices openly with customers under appropriate confidentiality. Specific technical details may be limited where disclosure could weaken protections.
Security posture is reviewed regularly against current industry guidance. We adjust controls as the threat landscape and our customer requirements evolve.
Our services are hosted with reputable cloud infrastructure providers that maintain industry-recognized security and compliance programs. We typically use encryption in transit and at rest where appropriate. Network controls and monitoring are in place at multiple layers.
Customer data is segregated logically. Access to production data is restricted and logged. We retain data for periods consistent with the service being provided and applicable law. Where required by regulation (such as HIPAA for healthcare customers), we apply additional safeguards documented in our applicable agreements.
Internal access to systems requires authentication and is regularly reviewed. We typically require strong credentials, multi-factor authentication where appropriate, and revoke access promptly when personnel changes occur.
We follow generally accepted secure development practices, which may include code review, dependency monitoring, and remediation of identified issues on a risk-prioritized basis. Specific tooling and processes evolve over time.
We monitor our systems for indicators of potential security events. If we become aware of a confirmed incident affecting your data, we will notify you in accordance with applicable law and our agreements with you, on a timeline appropriate to the circumstances.
We engage third-party providers (infrastructure, telecommunications, AI/ML services, payments, etc.) under agreements that include appropriate confidentiality and security commitments. We periodically review providers for material changes affecting risk.
For customers that are covered entities or business associates under HIPAA, certain BuzzWisely plans are HIPAA-eligible and may be used under a written Business Associate Agreement (BAA). Specific safeguards, retention periods, and notification timelines applicable to your use of the service are described in the BAA. Contact our team to discuss eligibility and availability.
Request BAA information
If you believe you have identified a security issue affecting BuzzWisely, we appreciate responsible reporting. Please send a description of the issue, steps to reproduce, and any relevant context to the contact below. We will acknowledge receipt and follow up as appropriate.
We ask that researchers act in good faith, avoid impact to our customers and their data, and refrain from public disclosure until we have had a reasonable opportunity to address the issue. We do not currently operate a formal bug bounty program; however, we may recognize meaningful contributions on a discretionary basis.
Report a security issue
We may update this page from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The "Last updated" date at the top of the page indicates when it was most recently revised. Material changes affecting contractual commitments will be communicated as required by the applicable agreement.
For specific security questions, vendor due diligence, or contract review, reach out and we'll respond promptly.