Security Policy

1. Our Security Commitments

Braille Link is committed to protecting the confidentiality, integrity, and availability of all data entrusted to us by our users and institutions. Our security programme is built on the following core principles:

• Defence in depth: We apply multiple layers of security controls so that no single failure exposes user data.
• Least privilege: Access to systems and data is granted only to the extent required to perform a specific function.
• Transparency: We are open about our security practices and disclose significant incidents to affected users in a timely manner.
• Continuous improvement: We regularly review and improve our security controls in response to new threats, vulnerabilities, and industry best practices.
• User empowerment: We provide users with the tools (MFA, audit logs, role management) to help secure their own accounts and workspaces.

2. Encryption

2.1 Encryption in Transit

All data transmitted between user devices and Braille Link servers is encrypted using Transport Layer Security (TLS) version 1.2 or higher. We do not support older, deprecated protocols (SSL, TLS 1.0, TLS 1.1). Our TLS configuration uses strong cipher suites and enforces HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.

2.2 Encryption at Rest

All data stored by Braille Link — including user account data, translation records, workspace content, and audit logs — is encrypted at rest using AES-256. Database volumes and object storage buckets are encrypted with keys managed through our cloud provider's key management service (KMS).

2.3 Password Storage

User passwords are never stored in plain text. We use a strong, salted cryptographic hashing algorithm (bcrypt with a suitable cost factor) to store password verifiers. Even in the event of a database compromise, passwords cannot be recovered from stored hashes through brute force within any practical timeframe.

2.4 API Tokens and Keys

API keys and session tokens are generated using cryptographically secure random number generators. Tokens are stored as hashed values on our servers. Full token values are only shown to the user once at the time of creation and cannot be retrieved thereafter.

3. Authentication Security

3.1 Multi-Factor Authentication (MFA)

Braille Link supports and strongly encourages multi-factor authentication for all users. MFA is enforced by default for Institution Administrators and Super Administrators. Users can enrol in MFA through their account settings. Supported MFA methods include authenticator app TOTP codes and email OTP verification.

3.2 Passkeys and Biometrics

Braille Link supports WebAuthn-based passkey authentication, allowing users to authenticate using biometric credentials (fingerprint, face recognition) or hardware security keys via their device's built-in authenticator. Passkeys provide a phishing-resistant authentication option and are recommended for high-privilege accounts.

3.3 Account Lockout

Accounts are automatically locked after 5 consecutive failed login attempts (default lockout duration: 15 minutes, configurable by platform administrators). Locked accounts can be unlocked automatically after the lockout period expires, by the user via email verification, or by an administrator through the management console. This measure protects against brute-force credential attacks.

3.4 Session Management

User sessions have a defined inactivity timeout (default: 25 minutes, configurable by institution administrators up to a maximum absolute session length of 8 hours). Sessions are invalidated upon explicit logout and are tied to the originating device context. Suspicious session activity (e.g., login from a new geographic location) may trigger an additional verification step.

3.5 Password Policy

Standard user passwords must be at least 5 characters to keep the system usable with Braille-first input. Administrator and privileged accounts must use stronger passwords and may be required to reset their password before elevated access is enabled.

4. Access Controls

4.1 Role-Based Access Control (RBAC)

Braille Link implements a hierarchical role-based access control system. Roles include: ROOT_OWNER, SUPER_ADMIN, INSTITUTION_ADMIN, PROGRAM_ADMIN, and USER. Each role carries a defined set of permissions, and users can only perform actions permitted by their assigned role. Institution Administrators are responsible for assigning appropriate roles within their workspace.

4.2 Feature Entitlements

In addition to role-based permissions, access to specific features (e.g., BRAILLE_ACCESS, WORKSPACE_ACCESS) is controlled through a granular feature entitlement system. This ensures that users have access only to the features they are authorised and licensed to use, even within a shared institutional account.

4.3 Least-Privilege for Internal Staff

Braille Link internal staff access to production systems is governed by the principle of least privilege. Staff members are granted only the minimum level of access required for their specific job function. Privileged access is reviewed quarterly and revoked when no longer required.

4.4 Admin Audit Logs

All administrative and security-relevant actions are logged in append-only audit records. Logged events include: user account creation and deletion, role changes, login successes and failures, MFA events, API key issuance and revocation, data exports, and billing changes. Institutional administrators can view audit logs for their own workspace. All audit logs are retained for a minimum of 2 years (730 days) before automated purging.

5. Infrastructure Security

5.1 Cloud Hosting

Braille Link is hosted on reputable cloud infrastructure providers that maintain their own rigorous physical and environmental security programmes, including ISO 27001 certification, SOC 2 compliance, and 24/7 data centre monitoring. Our cloud providers are responsible for the physical security of the hardware on which our services run.

5.2 Network Segmentation

Our production environment is isolated from development and staging environments using separate virtual networks (VPCs). Database servers are not exposed to the public internet; access is restricted to application layer services via private network rules.

5.3 Web Application Firewall (WAF)

WAF and network-level threat filtering are provided by our cloud infrastructure platform (Render), which maintains active protection against common web attack patterns including SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities. At the application layer, we additionally enforce input validation, rate limiting, and request filtering controls.

5.4 DDoS Protection

DDoS mitigation at the network and transport layers is handled by our cloud infrastructure provider as part of its managed platform. Application-layer rate limiting is enforced by our own services to protect availability under high-load conditions.

5.5 Automated Backups

All production databases are backed up automatically by our managed database provider (Render Managed PostgreSQL), which performs daily encrypted backups stored in geographically redundant locations. Backup restorability is subject to the provider's service terms. Our recovery objectives are reviewed annually and communicated to institutional subscribers upon request.

6. Vulnerability Management

6.1 Security Assessments

Braille Link conducts regular security assessments including automated dependency scanning, static code analysis, and periodic penetration testing. Critical findings are triaged and remediated promptly according to the patch SLAs below.

6.2 Patch SLAs

• Critical severity vulnerabilities (CVSS 9.0–10.0): Patched within 24 hours of confirmed identification.
• High severity vulnerabilities (CVSS 7.0–8.9): Patched within 7 days.
• Medium severity vulnerabilities (CVSS 4.0–6.9): Patched within 30 days or in the next scheduled release.
• Low severity vulnerabilities (CVSS 0.1–3.9): Addressed in the normal development backlog; typically within 90 days.

6.3 Dependency Management

Third-party libraries and dependencies are monitored for known vulnerabilities using automated scanning tools. Known vulnerable components are updated or mitigated promptly in accordance with the patch SLAs above.

7. Responsible Disclosure Program

Braille Link welcomes responsible security research. If you discover a security vulnerability in our platform, we ask that you report it to us privately so we can address it before public disclosure.

7.1 How to Report

Report vulnerabilities by email to: support@tusomebraille.com

Please include in your report:

• A clear description of the vulnerability and its potential impact.
• Steps to reproduce or a proof-of-concept (PoC) — avoid storing or transmitting sensitive data as part of your PoC.
• The affected URL, endpoint, or component.
• Any relevant screenshots or HTTP request/response captures.
• Your contact information for follow-up.

7.2 Our Commitments to Researchers

• We will acknowledge receipt of your report within 2 business days.
• We will investigate and provide an initial assessment within 10 business days.
• We will keep you informed of remediation progress.
• We will not take legal action against researchers who act in good faith under this policy.
• We will credit you in our security acknowledgements (if you wish).

7.3 90-Day Disclosure Window

We ask that researchers allow Braille Link a 90-day period from the date of our confirmation of the vulnerability to implement a fix before publicly disclosing the details. If a patch cannot be completed within 90 days, we will discuss an appropriate disclosure timeline with you. We are committed to timely remediation and will not use this window to indefinitely delay disclosure.

7.4 Out of Scope

The following are outside the scope of our responsible disclosure programme:

• Social engineering or phishing attacks targeting Braille Link staff or users.
• Physical attacks against our infrastructure.
• Vulnerabilities in third-party services not under our control.
• Denial-of-service testing without prior written consent.
• Accessing or modifying accounts or data belonging to other users without their consent.

8. Compliance

8.1 FERPA Alignment

Braille Link is designed with FERPA (Family Educational Rights and Privacy Act) principles in mind for institutions serving students in relevant jurisdictions. When Braille Link processes student education records on behalf of an educational institution, we act as a "school official" providing legitimate educational services and do not use student data for any purpose other than providing the Service to that institution. Institutions remain the responsible party for their students' education records.

8.2 Data Residency

Braille Link processes data primarily in our primary cloud region. Institutional subscribers with specific data residency requirements should contact us at support@tusomebraille.com to discuss available options. We will accommodate data residency requirements where technically feasible and where required by applicable law.

8.3 Ongoing Compliance Reviews

We conduct annual reviews of our security and compliance posture against industry standards including ISO/IEC 27001 guidelines and OWASP best practices. Findings from these reviews drive improvements to our security programme.

9. Security Incident Notification

In the event of a confirmed security incident that results in unauthorised access to, disclosure of, or loss of personal data, Braille Link will:

• Notify affected users within 72 hours of becoming aware of the breach (or as soon as is practicable where the 72-hour window cannot be met), via email to the registered account address.
• Provide a clear description of the nature of the incident, the data affected, and the approximate number of users impacted.
• Describe the likely consequences of the breach and the measures being taken or proposed to address it.
• Notify relevant data protection authorities where required by applicable law.
• Publish a post-incident summary on our status page within 30 days of resolving the incident, describing what happened, what we did, and what changes we are making to prevent recurrence.

10. Contact

For security-related enquiries, vulnerability reports, or incident notifications, please contact us at:

• Security team: support@tusomebraille.com
• General support: support@tusomebraille.com
• Privacy enquiries: support@tusomebraille.com
• Website: tusomebraille.com

Security emails are monitored 24/7 for critical reports. We ask that you do not share vulnerability details through any channel other than email to our security address until a fix has been deployed.