Trust & Security
Brandgility is the marketing collateral management and digital asset management platform from Elateral Ltd. We’re ISO/IEC 27001:2022 certified and built for security-conscious enterprise customers.
Contact sales
Certifications & Compliance
Our Information Security Management System is independently certified and audited.
ISO/IEC 27001:2022
- Certified by: Approachable Certification Ltd
- Certificate No.: 11506-ISMS-001
- Initially registered: 2020
- Current certificate valid: 21 May 2026 – 20 May 2029
- Scope: information security in the provision of the SaaS templating & digital asset management platform for the production and deployment of centrally managed marketing campaigns.
UK & EU GDPR
We process personal data in line with the UK GDPR and the EU GDPR, supporting all data-subject rights. Data processing terms (DPA) form part of our Master Service Agreement.
Elateral is data processor for customer content and data controller for its own business data.
Security controls
A summary of the controls in place across our platform and organisation, aligned to ISO/IEC 27001:2022 Annex A.
Infrastructure & hosting
- Hosted on Microsoft Azure
- Data encrypted at rest — 256-bit AES (Azure service-side encryption, FIPS 140-2 compliant)
- Data encrypted in transit — TLS 1.2+ and SSH-2
- High availability & redundancy
- Automated, encrypted backups
- Infrastructure monitoring & alerting
Access control
- Role-based access control (RBAC)
- Configurable user roles & permissions
- Principle of least privilege
- Review & approval workflows
- Periodic access reviews
- Multi-factor authentication (MFA) available for all users via the identity provider
- SSO / SAML for enterprise customers
Product & application security
- Secure software development lifecycle
- Peer code review
- Vulnerability management & patching
- Audit logging of key actions
- Segregation of environments
- Independent annual penetration testing
Organisational & people
- Documented information security policies
- Defined security roles & responsibilities
- Staff security awareness training
- Confidentiality agreements
- Risk assessment & treatment process
- Supplier / sub-processor security governance
- Employee background screening
Data & privacy
- Data processor for customer content
- Data minimisation practices
- Defined data retention periods
- Data-subject rights supported
- Data deletion on request
- Published sub-processor list
Incident response & continuity
- Documented incident response policy (ISO 27001-aligned)
- Covers AI-related incidents
- Defined detection & containment steps
- Customer breach-notification procedures
- Business continuity & disaster recovery plan
- Annual disaster recovery testing
Governance
- ISO 27001-certified ISMS with regular surveillance audits
- Security policies maintained and reviewed
Data privacy
Elateral acts as data processor for customer content and data controller for its own business data. We support all data-subject rights — access, rectification, erasure, restriction, portability and objection. Data processing terms (DPA) form part of our Master Service Agreement.
Sub-processors
We use a small, vetted set of sub-processors. The authoritative, current list is maintained on our sub-processors page.
| Provider | Purpose | Region |
|---|---|---|
| Microsoft Azure | Hosting & infrastructure | United States |
| DNS Made Easy | DNS management | Global |
| Netlify | Web / content delivery | Global |
| Mailgun | Transactional email | United States |
Our full, maintained list is on the Sub-Processors page.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability in Brandgility, please email privacy@brandgility.com with the details so we can investigate and respond. Please act in good faith and avoid accessing or modifying other users’ data.
Need more for your security review?
Our ISO/IEC 27001:2022 certificate and further security documentation are available on request, under NDA where applicable. Existing customers can reach out to their account executive; new enquiries can contact our sales team. Data processing terms (DPA) are included within our Master Service Agreement.
Contact salesLike to learn more about how Brandgility can help your organization?
Book a discovery call today