1. Security Objectives
Beezifi Inc. is committed to maintaining the confidentiality, integrity, and availability of account data, press release content, and service operations. Our controls are designed to protect customer workspaces and the public press room from unauthorized access and abuse.
2. Core Controls
- Account-level isolation: each company workspace is isolated and only accessible to authenticated account holders.
- Password hashing using bcrypt with an appropriate cost factor.
- Optional two-factor authentication (TOTP) for all accounts.
- API key authentication with scoped access for developer integrations; keys are hashed at rest and displayed only once at creation.
- Session management using secure, HttpOnly cookies with server-side session invalidation on logout.
- Secure software development and dependency management practices.
3. Infrastructure and Operational Security
- Payment processing delegated entirely to Stripe — Newswire does not store raw card numbers or full payment credentials.
- Network-level protections and traffic restrictions on server infrastructure.
- System and dependency updates through managed patch cycles.
- Monitoring, alerting, and access review processes for service operations.
- Database backups and recovery procedures aligned with service continuity requirements.
4. Account Holder Responsibilities
Account holders are responsible for:
- Keeping login credentials confidential and not sharing them with unauthorized parties.
- Enabling two-factor authentication for additional account protection.
- Revoking API keys promptly if they are compromised or no longer needed.
- Ensuring that press release content published through the platform complies with applicable laws and does not contain malicious code or links.
5. Vulnerability Disclosure
If you believe you have discovered a security vulnerability, report it promptly to security@beezifi.com with sufficient detail to reproduce and validate the issue.
- Please avoid testing methods that could degrade service availability.
- Do not access or modify data that does not belong to you.
- We request responsible disclosure and reasonable time to investigate and remediate.
6. Incident Response
We maintain incident handling procedures that include detection, triage, containment, remediation, and post-incident review. Where required by law or contract, affected parties will be notified in line with applicable obligations.
7. Policy Updates
We may revise this Security Policy as our controls and services evolve. Updates will be posted with a revised effective date.
8. Contact
For security matters, contact:
For urgent security issues, include "URGENT SECURITY" in your subject line when contacting security@beezifi.com.