Security

BonBonSafe is designed to help agencies receive sensitive client access details without using email, chat, or spreadsheets.

How credential requests work

Agencies create a branded request page and send a one-time link to the client. The client submits the requested information through the secure page. After submission, the public link is closed.

Encryption

Submitted text secrets are encrypted before being stored. Secrets are revealed only through authenticated agency dashboard actions. Reveal actions are logged in an audit trail.

Files

Credential files are stored in a private storage bucket. Agency users receive short-lived signed download links after authentication and ownership checks.

Best practices

  • Delete stored secrets after they are no longer needed.
  • Do not forward public request links to unauthorized people.
  • Use delegated access or temporary users when available.
  • Do not send passwords through email or chat.
BonBonSafe