BlinkMetrics is committed to ensuring the highest standards of security for our customers. Our security practices are designed to protect customer data and meet compliance obligations. Below, we outline the measures we have in place.
1. Data Centers
- BlinkMetrics leverages a multi-cloud infrastructure for hosting services, primarily using Google Cloud Platform (GCP), with Amazon Web Services (AWS) as a secondary provider to support high availability and disaster recovery.
- Both GCP and AWS data centers are certified for compliance with ISO 27001, SOC2, PCI DSS, and other industry standards. These facilities employ multiple layers of security, including secure perimeter defense, biometric authentication, comprehensive camera coverage, and 24/7 guard staff.
2. Host Security
- Server Configuration: DNS and web requests are routed through Cloudflare and secured with custom rules and Cloudflare-managed OWASP rulesets.
- Service Isolation: BlinkMetrics uses a microservices architecture and containerization to isolate services and minimize attack surfaces.
- Remote Access: Access is restricted to authorized personnel via key authentication, explicitly allowed IPs, and two-factor authentication (2FA).
3. Network Security
- Firewall and Segmentation: A Cloudflare firewall protects all traffic. Sensitive network traffic is further secured with stricter rules.
- Intrusion Detection: On-server and network-level monitoring systems detect and alert on potential threats.
- Encryption in Transit: All data in transit is encrypted using TLS v1.3.
4. Data Storage
- Encryption at Rest: Data is encrypted using AES-256.
- Key Management: Encryption keys are managed via Google Cloud Key Management Service (KMS) and AWS Key Management Service (KMS), depending on the hosting environment.
- Device Policies: Local storage of customer data on employee devices is prohibited.
5. Monitoring and Incident Response
- Monitoring: Systems are monitored 24/7 using tools like Cloudflare health checks, Checkly for end-to-end and API tests, and Flare for error logging.
- Incident Response: Potential security incidents are escalated to the lead developer and investigated within one business day.
- Uptime SLA: BlinkMetrics guarantees a 99.9% uptime SLA.
6. Penetration Testing and Vulnerability Management
- Penetration Testing: Quarterly internal penetration tests identify vulnerabilities.
- Remediation: All vulnerabilities are addressed and documented promptly.
7. Internal IT Security
- Credential Management: Critical credentials are secured using KMS or encryption at rest.
- Access Control: Role-based permissions with granular capabilities ensure access is limited to authorized personnel.
- Employee Training: Employees are trained on handling sensitive data and must adhere to updated security policies annually.
8. Disaster Recovery and Business Continuity
- Redundancy: Load balancers and cloud orchestration tools ensure failover to a secondary infrastructure hosted on AWS in case of a disruption to primary GCP services.
- Backup Policy: Daily backups are retained for 90 days.
- Testing: Recovery operations are tested annually, with successful results.
9. Compliance and Certification
- BlinkMetrics does not currently maintain external compliance certifications but relies on certified infrastructure provided by Google Cloud Platform (GCP) and Amazon Web Services (AWS), both of which maintain compliance with ISO 27001, SOC2, PCI DSS, and other major frameworks.
- All third-party providers meet compliance standards.
10. Data Minimization and Retention
- Data Deletion: Policies ensure Personal Data no longer required is deleted or archived.
- Retention Period: Archived and backup data are retained for 90 days.
11. Data Portability and Erasure
- Data Export and Deletion: Customers may request data export or deletion. Data is deleted and resources are terminated within GCP and AWS environments, depending on where the data is stored, to prevent recovery.
12. Event Logging and Audit Trails
- Logging: Critical administrative operations are logged.
- Log Management: Logs are aggregated and monitored using Flare.
13. Physical Security
- BlinkMetrics relies on Google Cloud Platform’s world-class physical security for its data centers. This includes biometric authentication, perimeter defenses, and 24/7 surveillance.
14. Configuration and Governance
- System Configuration: Instances are created from centrally managed Docker images and snapshots.
- Policy Review: Security policies are reviewed and updated quarterly.
- Acknowledgment: Employees acknowledge and adhere to updated policies annually.
15. Additional Assistance
- Compliance Support: BlinkMetrics assists clients with their compliance obligations through data protection agreements and by implementing encryption, data minimization, and user consent mechanisms.
- International Data Transfers: Compliance with international data transfer standards is ensured through encryption and privacy-focused design.
BlinkMetrics is committed to maintaining and enhancing its security measures. If you have further questions, please contact us at [email protected].