Security
Your portfolio belongs to you. Your client list, your contacts, your commission notes — all yours. Bricks is built so even our own engineers cannot read the sensitive parts of your data.
The architectural claim
Sensitive fields — tenant phones, IBANs, Emirates IDs, passport numbers, your private notes — are encrypted in your browser before they reach our servers. Bricks stores ciphertext only.
The encryption key is derived from your password and lives only on your devices. Without that key, our database is gibberish — even to us. If someone breaches our infrastructure, they get unintelligible blobs. If a court compels our cloud provider, they hand over unintelligible blobs.
AES-GCM 256-bit, with keys derived via PBKDF2-SHA256 (600,000 iterations). Per-field encryption with random IVs. Searchable fields (phone, email) carry deterministic blind indexes — HMAC-SHA256 with a per-workspace salt — so exact-match search works without the server reading the value.
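The scheme in the paragraph above, sketched as an added example (not Bricks' own code). Node's built-in `crypto` module stands in for the browser's WebCrypto API. The function names, the `iv | tag | ciphertext` layout, binding the field name as AAD, the normalisation rules and using the workspace salt as the HMAC key are all assumptions.

```javascript
// Added illustration, not Bricks code. Runs on Node's built-in crypto module.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv, createHmac } = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // iteration count stated on the page

// Derive a 256-bit AES key from the password with PBKDF2-SHA256.
function deriveKey(password, kdfSalt) {
  return pbkdf2Sync(password, kdfSalt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Encrypt one field under a fresh random 96-bit IV. The field name is bound as
// AAD (assumption) so a ciphertext cannot be moved into a different column.
function encryptField(key, fieldName, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(fieldName, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'); // iv | tag | ct
}

function decryptField(key, fieldName, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(fieldName, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the IV, tag, ciphertext or field name was altered.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Deterministic blind index: HMAC-SHA256 over the normalised value, keyed per workspace.
function blindIndex(workspaceSalt, fieldName, value) {
  const normalised = fieldName === 'phone'
    ? value.replace(/[^\d+]/g, '')   // keep digits and a leading +
    : value.trim().toLowerCase();    // e.g. email
  return createHmac('sha256', workspaceSalt).update(fieldName + '\0' + normalised).digest('hex');
}

// Constructed sample data (password, salts and phone number are made up).
const key = deriveKey('correct horse battery staple', Buffer.from('constructed-kdf-salt'));
const workspaceSalt = Buffer.from('constructed-workspace-salt');
const row = {
  phone_ct: encryptField(key, 'phone', '+971 50 123 4567'),
  phone_idx: blindIndex(workspaceSalt, 'phone', '+971 50 123 4567'),
};
// Exact-match search: only the index of the query term is compared with the stored index.
const hit = row.phone_idx === blindIndex(workspaceSalt, 'phone', '+971-50-1234567');
console.log(hit, decryptField(key, 'phone', row.phone_ct));
```

Because the index is deterministic, equal values in one workspace produce equal index entries; the random IV hides that equality only in the ciphertext column.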
Your staff, safely
Junior agents and admins work the system without ever holding a copy of your client list. Phone numbers, IBANs, and Emirates IDs render as dots until tapped — and every tap is logged with the user's name, the field, the record, and the timestamp.
- Tap-to-reveal: Sensitive fields hidden by default. Each reveal writes an audit row.
- No bulk export: Only the workspace owner can dump CSV. Staff see one record at a time.
- Watermarks: Every screen showing client info carries a faint diagonal overlay with the viewer's email and the time. Screenshots are traceable.
- Anomaly alerts: Bulk reveals (30+ in an hour), off-hours access (00:00–06:00 UAE), and logins from new devices trigger an immediate push alert to the workspace owner.
- Departure pack: The day a staff member leaves, you click Remove and download a forensic CSV of every PII reveal, every edit, every login in their last 30 days.
Stolen passwords, lost laptops
If a phone is lost, a laptop stolen, or a password leaked, you have one tap to kill every active session and force everyone in your workspace to re-authenticate. Trusted devices are listed on the Trust Center page; revoke any one with a click.
Trust, but verifiable
The most common pitch agents have heard is "trust us". We try not to ask for that.
- UAE data residency: Your data will move to a UAE cloud region as soon as our provider opens one for our stack. It currently lives in EU-Frankfurt, the closest available region, and we have made a public commitment to migrate.
- No AI training: We never train models on your data. Full stop.
- No vendor lock-in: The Export everything button in your settings produces a complete CSV bundle plus all photos, PDFs, and documents in seconds. Owner-only, available anytime.
- Source-code escrow (enterprise tier): If we shut down, the code releases to you and a self-hosted Bricks runs on your own server forever.
- Soft-delete: Nothing is permanently destroyed for 90 days. Hostile employee mass-deletes are reversible.
- Tamper-evident audit log: Every action is recorded in a chain protected by cryptographic hashes. Even an admin can't quietly delete entries without breaking the chain.
Regulatory alignment
Bricks is designed to meet the UAE Personal Data Protection Law (PDPL) and the DIFC Data Protection Law for in-zone customers. We're working toward SOC 2 Type 1 and ISO 27001 — these are on the roadmap, not the homepage. Ask us for our current security questionnaire if you need one for procurement.
What we don't claim
We don't claim perfect security. No software does. We do claim a small, defensible blast radius: ciphertext-at-rest, no plaintext PII in our logs, no PII in error reports, no PII in support channels. If the worst happens, the sensitive fields that leak are ciphertext.
Forgetting your password alone is fine — your recovery code re-links your data to a new password without re-encrypting anything. But if you forget your password and lose your recovery code, the encrypted fields cannot be recovered. We'll tell you this clearly when you sign up — and we make you save the recovery code before you can proceed.
Found something concerning?
Email security@bricks.ae with details. We acknowledge within one business day. We publish a transparency report quarterly listing any breach incidents and material data requests received from authorities.
Logged in as a Bricks customer? Open the live Trust Center to see your workspace's encryption status, recent access log, and active devices.