- All the manifest/video fragments will deliver can be delivered via HTTPs. The video fragments can be encrypted via DRM.
- Our URLs are encrypted using a token to ensure protection against deep linking.
- Our APIs are accessible only via a valid token and protected with https.
Even if we are aiming to provide the most secure platform possible, it is possible that we may have missed things. In that context, we welcome and reward vulnerability reports from the security community and run a private bug bounty program on OpenBugBounty.
If you believe you have discovered a vulnerability on the broadpeak.io platform, please request an invite to our bounty program on OpenBugBounty.
Information Security Management System
As part of our security commitment, we follow industry standard best practices. We have implemented an ISMS that meets the main requirements of the ISO 27001:2013 standard, and that guides security on our activities and products.
Privacy and Data Protection
As a company with an HQ in Europe, we are subject to the General Data Protection Regulation, which is protecting your personal data. Broadpeak.io will ensure you the same rights: we design and build our solution with consideration of the data protection principles and we provide safeguards to protect data at all levels.
It is in our DNA to build a system around the protection of data from our and your customers and employees. Every data collected by the platform, including personal data, is collected only if needed and transparently handout or deleted based on our customers’ requests.
See the privacy page for more details.
Our logging methodology is compliant with GDPR, which is allowing us to check any fraudulent traffic coming to the platform and will identify attacks.
The broadpeak.io platform is under a constant monitoring by the Broadpeak NOC. Using this 24×7 team, we are in the capacity to identify any issues caused by attacks or hardware/application failure that occur on our service. This aims to propose a service continuity as high as possible to our customers.
The streams configured in our platform to create your projects will be monitored by the Broadpeak.io platform. We will provide you with notifications and insights 24/7 in case source streams have issues or if we detect that we are not in a situation to contextualize your streams for any reasons.
All our API are monitored, and their status are available on that page. We advise you to check it out in case of issues to call APIs, or to log into the broadpeak.io platform. A status will be shared transparently for any event happening on the platform.
Our service is a SaaS which aims to answer to most of the needs of our industry. In that sense our API are generic and are aimed to be easy to use. Nevertheless, it may happen that some customers may look for specific features.
In that case, please contact us to discuss further on how we can adapt our service for you.
Ad fraud fight
- It is part of our mission to fight ad fraud. Our industry has been heavily touched by this, and Broadpeak.io has been created to fix part of the issues of the Ad Tech industry.
- Our solution will help by proposing several features helping fighting ad fraud. We follow all the best practices pushed by the Media Rating Council and are also certified by the IAB to certify our ad tracking.
- Our ad deliveries can be fingerprinted in order to make sure that the ads which was chosen to be delivered will be.
- We are whitelisting only legit ad servers into our system. No fraudulent ad servers will be able to control our system for you. We will always use TLS between our system and the ad servers.
Certification & Compliance