Brightenly Passes CASA Tier 2 Security Assessment

Brightenly has officially passed Google’s CASA Tier 2 Security Assessment, a big milestone that shows we truly protect your client emails and business data. We’re proud to give freelancers and small teams a platform they can trust with their most important conversations.

Nov 26, 2025


We know you're trusting Brightenly with something incredibly sensitive: your client conversations and your business data.

Today, we're happy to share an important update:

Brightenly has passed the Cloud Application Security Assessment (CASA) Tier 2, verified by TAC Security, an App Defense Alliance (ADA) recognized assessor.


CASA is a security framework from the App Defense Alliance — a group that includes Google, Microsoft, and Meta. It's an external, independent check that our platform meets rigorous requirements for protecting your data.


Why this matters for you and your clients

1. Your business data is protected by an independently verified standard

Brightenly is often the place where you read and reply to client emails, store notes and decisions from conversations, and track deals, invoices, and commitments. This is your business — and it deserves real protection.

CASA Tier 2 holds us to a rigorous, well-defined security standard — verified by an independent third party, not just our own word. For you, that means fewer unknowns about how your data is handled and more confidence that your information stays private, protected, and only accessible to you.

2. Something you can show to your clients

Many of our users work with clients who ask questions like: "Is our data safe with you?" or "What do you use to manage emails and client info?" or "Do you have any security certifications?"

Now you can say:

"The tool I use (Brightenly) has passed the CASA Tier 2 security assessment required by Google, verified by an independent assessor."

That sentence alone goes a long way in vendor questionnaires, contracts, and trust-building conversations.

3. Confidence when you connect your Google account

Google doesn't allow just any app to access sensitive user data. For apps requesting access to Gmail, Drive, or other restricted scopes, Google requires them to pass CASA Tier 2 through an authorized assessor.

By passing this assessment, Brightenly demonstrates that our entire platform — not just the Gmail connection — has been independently reviewed against the security standards required by Google.


At a Glance

Assessment: CASA Tier 2 (Cloud Application Security Assessment)

Required by: Google, for apps accessing sensitive user data (Gmail, Drive, etc.)

Assessed by: TAC Security — an App Defense Alliance (ADA) recognized assessor

Standard: OWASP ASVS (industry-recognized security framework)

Result: Passed — no vulnerabilities in final review


What is CASA Tier 2, in simple terms?

CASA (Cloud Application Security Assessment) is a security framework created by the App Defense Alliance, a group led by Google, Microsoft, and Meta to raise the security bar for cloud applications.

When an app like Brightenly requests access to sensitive Google data — like your Gmail — Google requires that app to pass CASA Tier 2. But the assessment doesn't just test the Gmail connection. It evaluates the entire platform's security posture.

An independent security lab (in our case, TAC Security, an ADA-recognized CASA assessor) reviews the app against a comprehensive list of security checks, based on an industry standard called OWASP ASVS.

In practical terms: CASA Tier 2 is a structured way for an outside specialist to ask, "Is this platform handling user data in a safe, modern, and responsible way?" — and to put that answer in writing for Google and for you.


What was actually tested?

Without going deep into technical jargon, here's what the lab evaluated across Brightenly's platform:

How you log in

Secure login with Google. Protection against unauthorized access or someone hijacking your session.

How we protect your data

Your information is scrambled (encrypted) when it travels between Brightenly and your browser, and when it's stored on our servers. Even if someone intercepted it, they couldn't read it.

Who can see what

Your data is completely separate from other customers. One business can never see another's information.

How we find and fix issues

Automated scanning to catch security problems. Clear processes for fixing anything that's found.

How we watch for problems

Logging of security-relevant activity. Systems to detect and respond to anything suspicious.

The assessment that led to our Letter of Validation reported no vulnerabilities in the final review used for CASA Tier 2. That validation is shared with Google via the CASA portal and forms part of our Gmail OAuth verification.


Our security philosophy (beyond CASA)

CASA Tier 2 is an important milestone for Brightenly, but it's not the finish line.

The assessment validated our security controls. Going forward, we're committed to:

• Ongoing security scanning and hardening — not just at certification time

• Keeping each customer's data completely separate from others

• Clear data practices in our Terms and Privacy Policy so you know what we store and why

We treat CASA as a baseline, not a marketing checkbox.


A message from Brightenly

"Our users are freelancers and small teams who carry heavy responsibility for their clients, often without a big IT department behind them.

Passing CASA Tier 2 is our way of saying: we're sharing that responsibility with you.

We'll keep investing in security so you can keep focusing on the work only you can do."

— Tomo, Founder & CEO, Brightenly


What's next

Over the coming months, we'll:

• Make our security and privacy documentation more user-friendly

• Continue improving encryption, logging, and access controls as Brightenly grows

• Share more about how to talk to your own clients about security when you use Brightenly as part of your workflow

If you have questions about Brightenly's security posture, or you'd like a short summary you can share with your clients or compliance team, you can always reach us at contact@brightenly.io.