Security

BloomSocial is committed to protecting customer data and maintaining a secure, reliable platform. This page outlines our security practices and controls.

1. Security Program Overview

BloomSocial maintains a security program aligned with industry best practices and the SOC 2 Trust Services Criteria, covering security, availability, and confidentiality.

2. Infrastructure Security

  • Cloud-hosted infrastructure with reputable providers
  • Network segmentation and firewall protections
  • Secure configuration management
  • Regular vulnerability monitoring

3. Data Protection

  • Encryption in transit using TLS
  • Encryption at rest where applicable
  • Logical separation of customer data
  • Secure storage of credentials and secrets

4. Access Controls

  • Role-based access control
  • Principle of least privilege
  • Multi-factor authentication for internal access
  • Regular access reviews

5. Application Security

  • Secure development lifecycle practices
  • Code reviews and automated testing
  • Dependency monitoring for vulnerabilities
  • Change management controls
  • Penetration testing for every release

6. Monitoring and Incident Response

  • Centralized logging and monitoring
  • Alerting for anomalous behavior
  • Documented incident response procedures
  • Customer notification in the event of a confirmed data breach

7. Data Retention and Deletion

  • Data retained only as required to provide services
  • Secure deletion upon termination or request
  • Retention aligned with contractual and legal requirements

8. Third-Party Risk Management

  • Due diligence on subprocessors and vendors
  • Contractual security and confidentiality obligations
  • Periodic reviews of vendor risk

9. Compliance

BloomSocial supports compliance with:

  • GDPR and UK GDPR
  • CCPA and CPRA
  • PIPEDA
  • SOC 2 readiness

Compliance documentation may be provided under NDA.

10. Employee Security

  • Background checks where legally permitted
  • Security awareness training
  • Confidentiality obligations for employees and contractors

11. Business Continuity

  • Regular backups
  • Disaster recovery planning
  • High availability architecture

12. Reporting Security Issues

If you believe you have identified a security vulnerability, contact:
security@bloomsocial.ai