Security at Debrief

Debrief utilizes enterprise-grade best practices to protect our customers.

Customer trust is our #1 priority.

We maintain the highest standards of data privacy and security because we know your data is important to keep secure. Debrief undergoes regular security reviews, designed to be GDPR compliant, and encrypts data at rest and in transit.

Our customers entrust sensitive data to our care. Keeping it secure is our promise.

Learn more about our Security Measures
Search icon

Secure and Reliable Infrastructure

Debrief uses Amazon Web Services (AWS) for the hosting of staging and production environments. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.

Ongoing Commitment to World Class Security

Data Encryption

Data is encrypted in-transit using bank-grade TLS 1.2. Data is encrypted at-rest using 256-bit encryption via native world class AWS capabilities.

Tag icon
Data Permissions & Authentication

Access to customer data is limited to authorized employees who require it to perform their job duties.

Chapter marker icon
Incident Response

Security breaches will be communicated within 48 hours, and vulnerabilities are fixed ASAP.

Tag icon
Strict Security Policies

Debrief employs staff responsible for reviewing, updating, testing and maintaining our security and privacy policy.

Tag icon
Secure Software Development

Software development and deployment at Debrief is managed by a secure process.

Search icon

Debrief Responsible Disclosure Policy

Data security is a top priority for Debrief. If you believe you’ve found a security vulnerability in Debrief’s service, please notify us and we will work with you to resolve the issue promptly.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Debrief service. Please only interact with domains you own or for which you have explicit permission from the account holder.


While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Spamming Social engineering or phishing of Debrief employees or contractors
- Any attacks against Debrief’s physical property or data centers

Frequently Asked Questions

Where's the data being stored?

Customer data is stored in the United States

How often is data backed up?

All data is persisted in a database that has transaction logging enabled and is fully backed up daily.

Does Debrief require any plugins and what browser is required?

Debrief works with all modern browsers without any plugins.

Have a specific question?

If you want to chat with us about your specific needs, we're here to help. Please send us an email at and one of our rockstar team members will reach out promptly.

How often is data backed up?

All data is persisted in a database that has transaction logging enabled and is fully backed up daily.