Product Security ūüĒí

We’re committed to keeping your data secure & your private information private.

We do not store your data

TLS data encryption in transit, AES-256 at rest

GDRP compliant

Authentication ūüĒź

Each request on the Bliinx API is authorized by the OAuth2 protocol.

OAuth Tokens 

Bliinx does not read or store user passwords. The OAuth2 protocol is used to authenticate users. The tokens received are encrypted and then kept until expiration in our systems.

User consent

User consent is first given to obtain access to external data belonging to the user. 

Data¬†ūüíĺ

Data in transit

Also known as "active data" is data that moves from one place to another through Internet transport or networks. The transports used for this data are secured with HTTPS/TLS.

Data at rest

This type of data is one that includes storage on disks or physical devices. It is less susceptible to interception and is often considered the most valuable to hackers. Security on this kind of data also aims to block the theft of data from within (employee or worker in contact with the database). Bliinx uses Azure Disk Encryption AES (AES Encryption on Azure Disks) 256-bit cryptography to protect data.

Data segmentation

Data segmentation in Bliinx systems is done both by a company and by a user. Bliinx ensures that when data is accessed, only users with permissions to do so can.

Stored data 

Bliinx must keep metadata from user emails and events to ensure the proper functioning of its interaction analysis and research ecosystem. This metadata is encrypted on Azure disks (Read more on Azure Disk Encryption). The content of emails and events is not kept by Bliinx at any time. 

OAuth Tokens 

Bliinx does not read or store user passwords. The OAuth2 protocol is used to authenticate users. The tokens received are encrypted and then kept until expiration in our systems.

External sensitive data 

In order for Bliinx to be able to search and present relevant results, a system must index the header (metadata) of email messages and user events. At no time does Bliinx store the content of emails and events. User consent is first made before this operation. Sensitive content is never placed in Bliinx storage, it will be accessed directly from the external data provider as needed.

Access control 

  • Bliinx¬†uses RBAC to manage access to resources.¬†
  • Bliinx¬†employees have access to environments with generated¬†data¬†
  • Access to production servers is managed by Azure Active Directory access¬†control¬†
  • Access to systems administrative panels is limited to¬†Bliinx¬†DevOps employees and is protected by RBAC and Azure Active Directory¬†

 

Infrastructure and networks ūüĆź¬†¬†

Bliinx services are based on Azure hosting.

Private network 

Bliinx services are all isolated in a virtual private network protected by firewall and access control rules.

External entry point 

Bliinx’s infrastructure only exposes one API outside of its private network. This API is put forward thanks to the Nginx reverse-proxy system configured with asymmetric encryption. 

Continuous monitoring ūü߆

DDoS protection Protects 

Bliinx resources against Denial of Service (DDOS) attacks.

Alert management

Allows us to notify our team 24/7 of breakdowns/failures or intrusion into our systems.

Metrics management

Visualize and adjust the virtual and material components according to the demands on our resources.

Request management

View requests on systems to see latency and requested resources.

Questions?

Chat with us live

Use the chat box at the bottom right of the screen ūüí¨

Email our team

Email us at support@bliinx.com