BL.INK Security Preparedness 101
At BL.INK, we uphold a stringent policy that safeguards the privacy and security of our short links and QR codes.
We do not grant permission for any search engine to index our short links. This intentional measure ensures that the content and destinations associated with our short links remain within the scope of intended audiences, providing an extra layer of control and confidentiality for both our users and their shared resources.
In addition to this commitment, we have summarized the most common questions for those organizations that put security and compliance at the forefront like we do.
Overall Security Posture
Legal Name
Blink Global LLC, A Delaware Corporation.
Transparency
BL.INK publishes documentation of our compliance against global standards, including certifications, policies, attestations, audit reports and real-time evidence monitoring, at https://bl.ink/trust.
Certifications
BL.INK is SOC 2 Type 2, accredited by MJD Advisors, August 2023, 2024.
BL.INK is ISO/IEC 27001:2022 Certified by Intercert, August 2024.
GDPR
This page lists our ongoing efforts to maintain compliance with the EU’s General Data Protection Regulation (GDPR). Please visit: https://bl.ink/gdpr
Penetration Testing
BL.INK performs two penetration tests per year.
Request a Signed Data Processing Agreement (DPA)
You can request an official copy here.
Product Security
Uptime
BL.INK boasts an uptime rate of 99.9% or higher, ensuring continuous service availability. Please visit http://status.bl.ink to monitor the status of our systems and see our historic availability.
Permissions
BL.INK offers role-based access control for user seats within the application. Permission levels encompass control over app settings and billing, account configurations such as domains and link parameters, and visibility and control over links and data.
Single Sign-On (SSO)
BL.INK enforces SSO to authenticate users within their own systems, eliminating the need for additional login credentials. SSO can be offered within an Enterprise account upon request, and may be factored into the subscription cost.
Password and Credential Storage
Alongside SSO, BL.INK maintains a robust password complexity standard using a minimum of 16 characters and secures credentials using advanced hash algorithms.
Network and Application Security
Data Hosting and Storage
BL.INK utilizes Amazon Web Services (AWS) facilities in the USA East 1, East 2 and West 2 regions to host its services and data. We are able to host data in other geographies upon request within an Enterprise account, at an additional cost.
Virtual Private Cloud (VPC)
All BL.INK servers reside within a virtual private cloud equipped with network access control lists to prevent unauthorized requests.
Encryption at Rest
The BLINK Information Security Policy mandates that data is always encrypted at rest. Our databases, disks and file systems use Advanced Encryption Standard (AES) XTS-AES-256 block cipher in concert with the AWS Key Management Service (KMS).
SSL Encryption
All data transmitted to and from BL.INK is encrypted using 256-bit encryption. The API and application endpoints score an "A+" rating on Qualys SSL Labs' tests.
TLS Encryption
All communications use Transport Layer Security (TLS) Version 1.2 and higher.
Failover and Disaster Recovery (DR)
BL.INK's infrastructure and data are distributed across two AWS availability zones, designed with disaster recovery capabilities. The Recovery Point Objective is 12:00 am central time, and the Recovery Time Objective (RTO) is 4 hours.
Backups and Monitoring
BL.INK employs Amazon RDS's daily backup solution for databases containing customer data.
Permissions and Authentication
BL.INK operates entirely over HTTPS. Customer data access is limited to authorized personnel. A zero-trust network model is maintained, supplemented by SSO, 2-factor authentication (2FA), and strong password policies.
Incident Response
BL.INK follows a structured protocol for handling security events, involving escalation procedures, swift mitigation, and post-incident analysis. All employees and contractors are well-informed about these policies.
Request the removal of personally identifiable information and/or account data by emailing privacy@bl.ink and we will respond within 72 hours.
Additional Security Measures
Confidentiality
Confidentiality agreements are integral to all BL.INK employment contracts, emphasizing the protection of sensitive information.
Background Checks
Background verification checks for all candidates, employees and contractors are carried out in accordance with relevant laws, regulations, and ethics, and proportional to the business requirements.
Privacy
BL.INK regularly updates our privacy policy and monitors changing standards. Please visit: https://www.bl.ink/privacy-policy.
Terms of Service
Please visit https://www.bl.ink/terms-of-service.
Training
Every BL.INK employee and contractor undergoes annual Security and Awareness training to foster a security-conscious software and operational culture. Regular monthly training is also conducted and audited by our Vice President of Operations.
Policies
BL.INK maintains an evolving set of comprehensive security policies, encompassing various topics and shared across the organization. You may review current policies at http://bl.ink/trust.
PCI Obligations
Credit card payments for BL.INK subscriptions are managed through Chargebee, a partner with strong security measures and PCI compliance. BL.INK itself is also PCI Compliant, via self-attestation.