Blissbook's protection of your data starts with a classification system. We classify the different types of data that we store across three categories (Customer Data, Customer User Data, and Internal Data), document the required protection levels for each type of data, and take precautions to ensure each type of data is protected as prescribed by the protection levels. Employees are trained regularly on this topic to ensure confidential data is not stored, shared, or transmitted without the proper protections in place.
Protections include, but are not limited to:
SHA-256 RSA Encryption: At rest and in transit, both within our infrastructure and across the web, API, and SFTP endpoints.
Access Control: Within our infrastructure, we follow the principle of least privilege, granting access to PII only to specific staff members who have signed confidentiality agreements and passed appropriate background checks. Customer Admins may also grant varying levels of access to their teammates within their Blissbook account based on different roles.
Anonymization: Blissbook users are anonymized to a unique user ID, which is what's stored in our logs and databases.
Authentication: We have strict controls in place to ensure staff members and customer admin users authenticate themselves before accessing sensitive or highly sensitive information.
Training: Staff undergoes annual training on various information security topics to ensure customer data is handled safely and securely.
Compliance: Blissbook complies with the latest GDPR, CCPA, and Privacy Shield regulations.
If you have further questions, please contact our support team. We are happy to share more details about our IT infrastructure and how we keep your confidential information safe and secure.
If you've discovered a security issue with Blissbook, please report it to our security team.