Brightlife Advisor is built for financial advisors who handle sensitive client information. Here is a plain-English overview of the technical and operational controls we have in place.
Last updated: June 1, 2026
All passwords are hashed using bcrypt before being saved to the database. The original password is discarded immediately and cannot be retrieved by anyone — including us. When you sign in, the password you submit is hashed and the result is compared against the stored hash; plaintext passwords are never compared or stored.
We issue signed JSON Web Tokens (JWTs) for every session — no third-party login provider has access to your credentials. Tokens expire automatically, and role-based access control ensures advisors, clients, and administrators can only reach the resources they are permitted to access.
Each advisor's prospects, client records, and documents are strictly scoped to their account at the database query level. An advisor cannot access another advisor's data — not through the UI, and not through the API.
Every file upload is validated against a strict allowlist of permitted MIME types (images and PDF only) with enforced size limits. File extensions are derived from the actual file type rather than the attacker-supplied filename, preventing disguised executables from being uploaded.
Email verification links and account deletion confirmation links are backed by cryptographically random tokens. Only a SHA-256 hash of the token is stored in our database — even if our database were read by an unauthorised party, live tokens could not be extracted from it.
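The token pattern described above, as an added illustration (not Brightlife Advisor's own code): the raw token goes into the email link, only its SHA-256 digest is persisted, and verification re-hashes the presented token and enforces expiry and single use. The in-memory dictionary stands in for the database table, and the names are assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional

# Stand-in for the database table (assumption). Keyed by the SHA-256 hex digest
# of the token; the token itself is never written here.
_token_store = {}  # digest -> {"user": str, "expires_at": float, "used": bool}


def _digest(token: str) -> str:
    """Hash the raw token; this is the only form that ever reaches storage."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(user: str, ttl_seconds: int = 3600, now: Optional[float] = None) -> str:
    """Create a random token for `user`, persist only its digest, return the raw
    token so it can be embedded in the verification link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _token_store[_digest(token)] = {
        "user": user,
        "expires_at": now + ttl_seconds,
        "used": False,
    }
    return token


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user a presented token belongs to if it is known, unexpired and
    unused; otherwise None. Re-hashing means a leaked digest is useless here."""
    now = time.time() if now is None else now
    record = _token_store.get(_digest(token))  # lookup is by digest column
    if record is None or record["used"] or now > record["expires_at"]:
        return None
    record["used"] = True  # single use: a replayed link is rejected
    return record["user"]


if __name__ == "__main__":
    link_token = issue_token("alice", ttl_seconds=60, now=1000.0)
    print("stored digests:", list(_token_store))
    print("first use:", verify_token(link_token, now=1001.0))
    print("replay:", verify_token(link_token, now=1002.0))
```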
All communication between your browser and our servers uses HTTPS/TLS. Data is never transmitted in plaintext over the network, protecting it from interception in transit.
Brightlife Advisor runs on a self-hosted stack — we don't rely on third-party platforms that have opaque data-handling practices.
If you believe you have discovered a security vulnerability in Brightlife Advisor, please contact us directly rather than disclosing it publicly. We take all reports seriously and will respond promptly.
Email us at security@brightlife-advisor.com.