Search specific term/phrase surrounded by double quotes. e.g. “deep linking”
Exclude records that contain a specific term prefixed with a minus. e.g. Android -Firebase
Guides
Submit a TicketBranch DashboardBranch Dashboard

Shared Responsibility

Learn about the shared responsibility model that Branch uses to run our operations.

Suggest Edits

Overview

Branch provides an industry leading mobile linking and measurement platform that unifies user experiences and attribution across devices, platforms, and channels. Branch understands the inherent risks of operating its Service in a digital landscape where cyber attackers are looking for opportunities to compromise data.

Branch operates its Service under a shared responsibility model by which the responsibility for certain security and compliance elements is shared between Branch and its customers. Branch provides appropriate technical and organizational measures to ensure the security and privacy of the Service infrastructure.

Customers are responsible for their implementation of the Service and configuration of the security, privacy, and retention settings within the Service.

If a customer can control a parameter within the Services, then the customer is responsible for ensuring it is configured to meet their compliance needs.

This shared responsibility model enables Branch to provide customers with a Service that can be configured to empower our most security conscious customers to enhance their end user’s experience and improve measurement performance across their business.

Branch’s commitment to providing a secure experience for its customers works in tandem with the customer’s responsibility for adhering to certain standards and practices as a subscriber to the Service as further outlined below.

Access Controls and Configuration

Branch’s Responsibilities

  • Promote and maintain robust security and privacy measures within the Service to protect the confidentiality, integrity, and availability of data which includes the maintenance and configuration of Branch’s Software Development Kit (SDK), cloud infrastructure, and the operating software deployed on its cloud infrastructure.
  • Maintain secure system access for its personnel, including role based security access, with multi-factor authentication and password access control.
  • Provide multiple security controls and settings that can be configured by customers to address their security needs.

Customer’s Responsibilities

  • Implement the Service and configure appropriate controls in line with Branch’s Documentation, acceptable use guidelines, and industry leading security practices or customer’s own internal security policies.
  • Assign proper roles and permissions to authorized users, along with robust user provisioning processes that incorporate the principle of least privilege, to ensure that authorized users only have the minimum access necessary to perform their pre-specified duties.
  • Implement and enforce secure authentication (e.g., SSO, MFA) on customer-managed interfaces.
    Maintain and configure its own mobile applications, marketing materials, websites, and other assets or digital properties that the customer deploys the Service in.

Privacy and Data Security

Branch’s Responsibilities

  • Conduct security vulnerability scanning and penetration tests on the cloud environment and employ system monitoring tools to detect system events for suspicious activity.
  • Patch and repair flaws within the cloud infrastructure, the operating software deployed on its cloud infrastructure, and the SDK it makes available to customers.
  • Maintain a security incident response program that is tested regularly.
  • Perform third-party security assessments and audits.
  • Protect data from external threats through appropriate cloud security controls including the encryption of data at rest and in transit over public networks.
  • Provide an additional level of data protection with field-level encryption for customers utilizing the Advanced Compliance Service.
  • Maintain a range of industry standard third-party audit certifications available at https://www.branch.io/security.
  • Maintain a documented data privacy statement that describes what data Branch collects, how it is used, and how it is shared available at https://branch.io/privacy.
  • Provide routine security awareness and privacy training to Branch personnel.
  • Comply with laws and regulations applicable to Branch’s provision of the Service.

Customer's Responsibilities

  • Ensure that any data uploaded to the Service complies with applicable laws and regulations, Branch’s Acceptable Use Policy, and industry best practices.
  • Implement internal policies and guidelines designed to protect data processed through the Service and provide routine security awareness and privacy training to personnel.
  • Understand where data may be shared with a third-party through an integration or other optional configuration, and treat such channels or configurations in accordance with customer’s security policies and approved use cases.
  • Monitor all activity within customer’s instance of the Service including timely review of audit logs.
  • Notify Branch immediately when customer becomes aware of, or suspects that a security vulnerability exists, or that a data breach or security incident involving the Service has occurred or is likely to occur.
  • Promote the secure deployment and maintenance of all third party integrations it configures within the Service and ensure continuous monitoring and incident response on customer and third-party integration assets.
  • Maintain and apply security updates, patches, and fraud detection and prevention measures to its own infrastructure used to access the Service.

Additional Resources

Please visit the pages below for more information about the topics mentioned above.

Branch Help Center

Branch Legal Center

Branch Website

Updated about 1 month ago