All of Bloggr’s servers are hosted by Amazon Web Services (AWS) in the United States. All components that process user data operate within Bloggr’s private network. Only a small number of Bloggr’s servers, protected behind load balancers and a firewall, are accessible from the Internet.
Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.
Bloggr also operates a to identify and fix issues efficiently. To conduct your own penetration tests, please your Bloggr account representative for an arrangement.
In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Bloggr Business teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.
Bloggr uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.
Our security and platform team performs regular check-ins with every development team and all code is thoroughly reviewed and checked through a version control system. We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.
To access any of Bloggr’s internal systems, employees must authenticate via a single-sign-on system with mandatory 2-factor authentication. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.
Bloggr has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Bloggr systems. Where appropriate, Bloggr uses private keys and restricts network access to particular employees.
While Bloggr may track anonymized, aggregate statistics by website domain, Bloggr doesn’t collect browsing history from specific users while they browse the web. Information such as web server access logs or IP addresses is collected only for a limited time and only to provide specific services to the user, such as fraud prevention.
Before using a third-party vendor, Bloggr carefully evaluates the vendor's security practices. Bloggr removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.