blink-logo-white
  • Why BL.INK?
  • Products
  • Solutions
  • Pricing
  • Resources
  • Support
login to blink Login
Get a Demo
Icon-3

Features

Where we shine

Icon-nav-flexi

Flexibility

Editable links

Icon-nav-security

Security & Compliance

SOC2, GDPR, HIPAA

Support for Short URLs & QR codes

Service & Support

Clients love BL.INK

Icon-nav-vs-competitors

BL.INK vs. the Rest

Compare us to anyone

Icon-nav-integrations

Open API & Integrations

We work with your tech

Branded, shortened URLs

Branded Links

Full link management

Rules-based routing

Rules-Based Link Routing

Customize experiences

Customized landing pages

Power Pages

Easy custom landing pages

SMS at Scale

SMS at Scale

Personalized messaging

QR codes

QR Codes

QR code with each link

E-Link

E-Link

Let anyone create links

Broken Link Management

Broken Link Monitoring

No more 404s

Structured data

Structured Data

Empowered analytics

Icon-nav-enterprise-product

BL.INK Enterprise

Unlimited options

BL.INK CXP

BL.INK CXP

Dynamic mobile microsites at scale

Icon-nav-core-product

BL.INK Core

Feature-rich self-serve QR codes & short links

Icon-nav-GS1

GS1 Digital Link

2D barcodes for optimal consumer engagement

Smartlabel QR codes

Connected Packaging

Customized QR codes for variable printing and packaging

Marketing ROI analysis

Marketing ROI

Structured attribution data for optimized analytics

HIPAA compliant short links

Healthcare

HIPAA-compliant, BAA-ready links & QR codes

Icon-nav-enterprise-product

BL.INK Enterprise

Pricing requires a quote request

CXP

BL.INK CXP

Pricing requires a quote request

Icon-nav-core-product

BL.INK Core

Monthly pricing that starts with a free trial

Icon-nav-integrations

Knowledge Base

Tons of articles, videos

Icon-nav-support

Get Help

Submit a ticket here

BL.INK Open API

For Developers

Open API documentation

BL.INK Security Preparedness 101

At BL.INK, we uphold a stringent policy that safeguards the privacy and security of our short links and QR codes.

We do not grant permission for any search engine to index our short links. This intentional measure ensures that the content and destinations associated with our short links remain within the scope of intended audiences, providing an extra layer of control and confidentiality for both our users and their shared resources.

In addition to this commitment, we have summarized the most common questions for those organizations that put security and compliance at the forefront like we do. 

BL.INK's Overall Security Posture

BlinkSOC2-ISO27001

Legal Name

Blink Global LLC, A Delaware Corporation. 

Transparency

BL.INK publishes documentation of our compliance against global standards including certifications, policies attestations, audit reports and real-time evidence monitoring at https://bl.ink/trust. 

Certifications

BL.INK is SOC 2 Type 2, accredited by MJD Advisors, 2024. 

BL.INK is ISO/IEC 27001:2022 Certified by Intercert, August 2024. 

BL.INK is HIPAA compliant.

GDPR

This page lists our ongoing efforts to maintain compliance with the EU’s General Data Protection Regulation (GDPR). Please visit: https://bl.ink/gdpr 

Penetration Testing

BL.INK performs two penetration tests per year.

Request a Signed Data Processing Agreement (DPA)

You can request an official copy here. 

Product Security

Uptime

BL.INK boasts an uptime rate of 99.9% or higher, ensuring continuous service availability, please visit http://status.bl.ink to monitor the status of our systems and see our historic availability.

Permissions

BL.INK offers role-based access control for user seats within the application. Permission levels encompass control over app settings and billing, account configurations such as domains and link parameters, and visibility and control over links and data.

Single Sign-On (SSO)

BL.INK enforces SSO to authenticate users within their own systems, eliminating the need for additional login credentials. SSO can be offered within an Enterprise account upon request, and may be factored in to the subscription cost.

Password and Credential Storage

Alongside SSO, BL.INK maintains a robust password complexity standard using a minimum of 16 characters and secures credentials using advanced hash algorithms.

Network and Application Security

Data Hosting and Storage

BL.INK utilizes Amazon Web Services (AWS) facilities in the USA East 1, East 2 and West 2 region to host its services and data. We are able to host data in other geographies upon request within an Enterprise account, at an additional cost.

Virtual Private Cloud (VPC)

All BL.INK servers reside within a virtual private cloud equipped with network access control lists to prevent unauthorized requests.

Encryption at Rest

The BLINK Information Security Policy mandates that data is always encrypted at rest. Our databases, disks and file systems use Advanced Encryption Standard (AES) XTS-AES-256 block cipher in concert with the AWS Key Management Service (KMS).

SSL Encryption

All data transmitted to and from BL.INK is encrypted using 256-bit encryption. The API and application endpoints score an "A+" rating on Qualys SSL Labs' tests. 

TLS Encryption

All Communications use Transport Layer Security (TLS) Version 1.2 and higher.

Failover and Disaster Recovery (DR)

BL.INK's infrastructure and data are distributed across two AWS availability zones, designed with disaster recovery capabilities. Recovery Point Objective of 12:00 am central time and Recovery Time Objective (RTO) of 4 hours. 

Backups and Monitoring

BL.INK employs Amazon RDS's daily backup solution for databases containing customer data.

Permissions and Authentication

BL.INK operates entirely over HTTPS. Customer data access is limited to authorized personnel. A zero-trust network model is maintained, supplemented by SSO, 2-factor authentication (2FA), and strong password policies.

QR Code Privacy, Security, and Compliance

At BL.INK, we understand that privacy and security are top concerns, particularly for older consumers. Our QR code platform adheres to the highest standards of privacy, security, and data protection across the unique legal requirements around the world. 

QR Code Data Security: No Transmission of Personal Identifiable Information (PII)

QR codes generated by BL.INK do not store or transmit personal identifiable information (PII). The codes simply direct users to a secure URL or landing page. Any data captured (e.g., through forms on landing pages) is under the control of the organization generating the QR code and is handled according to their privacy policy. See our HIPAA compliance documentation.

QR Code Data Security: Data Minimization

We follow data minimization principles by ensuring that QR codes themselves do not contain sensitive or private data. This reduces the risk of data exposure in the event of unauthorized access.

Compliance with Global Privacy Standards

Our platform is fully compliant with international data protection laws and regulations, including:

  • General Data Protection Regulation (GDPR): We adhere to GDPR's core principles by providing transparency, protecting user data, and respecting user rights. Organizations using BL.INK QR codes can manage data subject requests such as access, rectification, or deletion of information.

  • Health Insurance Portability and Accountability Act (HIPAA): BL.INK's QR code platform supports HIPAA compliance by ensuring no PHI is stored or transmitted within the QR codes. All links are encrypted with secure HTTPS protocols, and we provide Business Associate Agreements (BAAs) to safeguard protected health information. Our platform undergoes regular security audits and supports advanced access controls to meet HIPAA’s privacy and security requirements. 

  • California Consumer Privacy Act (CCPA): BL.INK provides mechanisms for customers and their users to manage data requests in compliance with CCPA regulations, including the right to opt-out of data collection and disclosure.

Organizational Recognition and Certification

  • BL.INK only works with verified and approved customers and organizations to generate QR codes on approved domains. These organizations are responsible for implementing secure and certified practices in handling any data collected through QR codes and to the final link destinations. 

  • Every QR code generated on the BL.INK platform is monitored to ensure accuracy, privacy, and security.

Incident Response

BL.INK follows a structured protocol for handling security events, involving escalation procedures, swift mitigation, and post-incident analysis. All employees and contractors are well-informed about these policies. Request the removal of personally identifiable information and/or account data by emailing privacy@bl.ink and we will respond within 72 hours. 

Additional Security Measures

Confidentiality

Confidentiality agreements are integral to all BL.INK employment contracts, emphasize the protection of sensitive information.

Background Checks

Background verification checks for all candidates, employees and contractors are carried out in accordance with relevant laws, regulations, and ethics, and proportional to the business requirements.

Privacy

BL.INK regularly updates our privacy policy and monitors changing standards. Please visit: https://www.bl.ink/privacy-policy. Request the removal of personally identifiable information and/or account data by emailing privacy@bl.ink and we will respond within 72 hours.

Terms of Service

Please visit https://www.bl.ink/terms-of-service.

Training

Every BL.INK employee and contractor undergoes annual Security and Awareness training to foster a security-conscious software and operational culture. Regular monthly training is also conducted and audited by our Chief Operations Officer.

Policies

BL.INK maintains an evolving set of comprehensive security policies, encompassing various topics and shared across the organization. You may review current policies at http://bl.ink/trust. 

PCI Obligations

Credit card payments for BL.INK subscriptions are managed through Chargebee, a partner with strong security measures and PCI compliance. BL.INK itself is also PCI Compliant, via self-attestation. 

GS1 Solution Partner

gs1-ch-partner-logo

 

    Product

    • Features
    • Pricing
    • Login
    • Sign Up
    • Quote Request

    Resources

    • API Documentation
    • Blog
    • Help Center
    • Case Studies
    • GDPR

    Company

    • About
    • Customers
    • Careers
    • Security & Compliance
    • Partner with BL.INK
    • Contact Us

    Recent blog posts

    GS1 Digital Link at SWSX 2025

    A New Era for the Barcode: How BL.INK Is Powering Smarter Packaging

    Branded short links in healthcare marketing

    Authenticating Healthcare Content with Branded Short Links

    HIPAA-compliant short links for healthcare patient engagement

    Navigating Healthcare: AI, Digital Transformation & Patient Engagement

    blink

    © BLINK

    Terms of Service | Privacy Policy | Registrant Benefits & Responsibilities | ICANN Educational Information
    Follow us on LinkedIn Follow us on Facebook Follow us on Twitter