Blink Global LLC Security

Protecting and securing data at Blink Global LLC is our top priority.

Infrastructure

System architecture

Blink Global LLC’s architecture is designed to be secure and reliable. We use an n-tier architecture with firewalls between each tier and additionally within certain tiers between services. Services are accessible only by other services that require access. Access keys are rotated regularly and stored separately from our code and data.

Failout and disaster recovery

Blink Global LLC is built with fault tolerance capability. Each of our services is fully redundant with replication and failover. Services are distributed across multiple AWS availability zones. These zones are hosted in physically separate data centers, protecting services against single data center failures.

Data centers

Our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.

Vulnerability scans & pentesting

Blink Global LLC uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.

The system regularly undergoes third-party security reviews and penetration testing to identify potential vulnerabilities and ensure that they are addressed.

Firewall

Our servers are protected by firewalls and not directly exposed to the Internet.

Corporate network

Blink Global LLC runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Blink Global LLC’s corporate network.

Data

Data storage

Blink Global LLC data stores are accessible only by servers that require access. Access keys are stored separately from our source code repository and only available to the systems that require them. Additionally, production environments are sandboxed from testing environments.

Backups

We maintain secure encrypted backups of important data for a minimum of 30 days. We do not retroactively remove deleted data from backups as we may need to restore it, if removed accidentally. Backup data is fully expunged after 90 days.

Logs

We aggregate logs to secure encrypted storage. All sensitive information (including passwords, API keys, and security questions) is filtered from our server logs. Log data is fully expunged after 90 days.

Authentication

Passwords

We never store passwords in a form that can be retrieved. Instead, we store an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.

Two-factor authentication

We provide optional two-factor authentication (we call this 2-step security) to all accounts. 2-step security affords you greater protection on your account. Once enabled, you will be asked for a code that we send to your mobile phone in addition to your username and password when signing into Blink Global LLC.

Monitoring

We monitor and rate limit authentication attempts on all accounts.

User roles

We provide multiple user roles with different permissions levels within the product. Roles vary from account owners, to admins, users, and roles that limit visibility of Personally Identifiable Information (PII).

Encryption

HTTPS

All Blink Global LLC web traffic is served over HTTPS. We force HTTPS for all web resources, including our REST API, web app and public website. We also use HSTS to ensure that browsers communicate with our services using HTTPS exclusively. Additionally, we use only strong cipher suites.

Encryption

Our primary databases, including backups are fully encrypted at rest. In addition, all archives and logs are fully encrypted at rest. We use industry standard encryption algorithms.

Policies

Policies

Blink Global LLC has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with employees.

Incident response

Blink Global LLC has a defined protocol for responding to security events.

Security training

All employees complete security training when they join and are continually refreshed.

Employee vetting

Blink Global LLC performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employees have signed confidentiality agreement with Blink Global LLC.

PCI compliance

All credit card payments paid to Blink Global LLC go through our payment processing partner, Authorize.net. Details about their security posture and PCI compliance can be found at Authorize.net and Visa PCI DSS page.

Disclosure

If you have any concerns or discover a security issue, please contact us directly. Our Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution. We request that you do not publicly disclose any issue you discovered until after we have addressed it.