Security Policy

Last updated: June 2024

1. Welcome to BlinkSwag

At BlinkSwag, we prioritize the security and privacy of our customers’ data. This Security Policy outlines the measures we take to safeguard information and maintain the trust of our customers. BlinkSwag provides a technology infrastructure for businesses to send branded swag, rewards, experiences, and incentives. Our platform is hosted on AWS and integrates with Zoho Suite for customer relationship and order fulfillment.

2. BlinkSwag: The Trusted Partner for Branded Swag

Since day one, security and transparency have always been priorities at BlinkSwag. We are committed to protecting the data of our customers, employers, and employees. With our enterprise-level security practices and third-party audits, you can be confident about how your data is being stored, shared, and protected.

3. Security Principles

The following principles guide our approach to security:

  • Universal Participation: Every BlinkSwag employee is responsible for the security of our product.
  • Risk-Based Security: We continuously identify and manage emerging threats and significant risks.
  • Least-Privilege: Users and systems have the minimum level of access necessary to perform their functions.
  • Separation of Duties: No single user or system has too much authority.
  • Defense in Depth: Layered security mechanisms increase overall system security.
  • Minimize Surface Area: We reduce overall risk by minimizing the attack surface area.
  • Continuous Monitoring and Logging: We detect unauthorized use and support incident investigations through continuous monitoring and logging.

4. Global Data and Security Compliance

BlinkSwag is committed to ensuring the integrity, confidentiality, availability, and security of its physical and information assets while meeting legal, statutory, and regulatory requirements. To provide adequate protection for information assets, BlinkSwag has built an Information Security Management System (ISMS).

5. People Security

Onboarding and Offboarding

  • Account permissions are established and reviewed at key milestones, including onboarding, internal transfers, and offboarding, to ensure appropriate access levels.

Leadership Team

  • Security is a key priority for all members of the BlinkSwag senior leadership team. Company executives routinely review security protocols and standards to ensure they reflect the latest security best practices.

Policies and Standards

  • All employees and contract personnel are bound by BlinkSwag’s internal policies and standards regarding the confidentiality of customer data and other security-related concerns. These guidelines are accessible to all employees and contractors, who are responsible for understanding and adhering to them.

Background Checks

  • As part of our interview and onboarding process, we conduct comprehensive background checks, including verification of education, previous work experience, and reference checks, to ensure that employees and contractors meet our security standards.

Training

  • All new hires receive security training that educates them on potential risks, best practices, and how BlinkSwag addresses security throughout the product development lifecycle. Employees must complete annual security training and attest to following our policies.

Ongoing Education

  • Security is not static. As new potential threats and risks appear, we continuously educate our workforce about additional security requirements and guidelines through ongoing training and awareness programs.

Levels of Access

  • We regularly review employee permissions and access, ensuring that access is removed when no longer needed. Contract positions receive access that expires no later than the end of their contract.

Endpoint Security

  • Laptops provided by BlinkSwag are equipped with security measures, including disk encryption, anti-virus and anti-malware software, insider risk monitoring software, and endpoint detection and response (EDR) security.

Vendor Assessment

  • We assess vendors to ensure they meet our security requirements. This assessment is conducted before partnering with vendors and periodically thereafter to maintain high security standards.

6. Product Security

Change Management

  • We follow a thorough, proven process for software changes and updates to ensure stability and security throughout our production environment. Each change is tracked, reviewed, tested, and approved through an auditable process.

Monitoring and Protecting Applications

  • BlinkSwag uses advanced systems to monitor and protect our applications. This includes a Web Application Firewall (WAF) to safeguard against attacks and automated processes to ensure application security.

Penetration Testing

  • We engage leading independent organizations to perform annual application-level penetration testing. Any identified vulnerabilities are addressed promptly and thoroughly.

Explicit Consent and Permissioning

  • We prompt employers to review and grant consent for the specific data points an application requests access to, ensuring secure, private, and permissioned access to data.

7. Data Security

Classification

  • We classify data in different tiers to allocate appropriate resources for its protection. This includes highly restricted, confidential, and public data classifications.

Data Encryption

  • Data is encrypted both in transit and at rest using industry-standard encryption protocols to ensure its security.

Data Segregation

  • BlinkSwag implements logical separation between customers by tagging all data with associated Client IDs, enforcing access controls, and protecting against data leaks.

Data Access

  • We design applications and procedures following the principles of least privilege, ensuring users and systems have the minimum level of access necessary to perform their functions.

8. Infrastructure Security

Secure Cloud Infrastructure

  • BlinkSwag is hosted on AWS, which provides a secure cloud infrastructure with years of safety enhancements for maximum performance, resilience, and speed of deployment.

Logging and Monitoring

  • We maintain detailed logs of all impactful changes, actions, and authentication attempts, allowing us to identify and address problems quickly. Authorized employees have access to these logs for security analysis.

Access to the Production Environment

  • Only authorized personnel can access the BlinkSwag production environment. Remote administration requires SSH access, restricted by the use of a bastion host, SSH keys, and IP address whitelisting.

Penetration Testing

  • BlinkSwag engages leading independent organizations to perform annual infrastructure-level penetration testing to ensure the security of our infrastructure.

Patching

  • We address vulnerabilities through security updates and patches provided by vendors. If live patching is not possible, we use the most recently available base image and cycle assets to enable updates.

Asset Management

  • All cloud assets in our infrastructure are inventoried and documented to ensure they are secured appropriately.

9. Monitoring and Responding to Threats

Continuous Monitoring

  • We protect your data through continuous monitoring of BlinkSwag’s infrastructure using industry-leading intrusion detection systems.

Responding to Incidents

  • Our 24/7 on-call team ensures all alerts are immediately acted upon, keeping your data secure. Each team member has clear roles and responsibilities in the event of a security-related incident, enabling us to triage incidents, minimize impact, and prevent future occurrences.

Responsible Disclosure

  • We strive to address any vulnerabilities quickly and efficiently. If someone finds a vulnerability with any BlinkSwag products or services, we encourage prompt disclosure to security@blinkswag.com.

10. Continuity and Resilience

Multiple Data Centers

  • Our network infrastructure spans numerous availability zones, ensuring minimal disruption during outages.

Data Center Security

  • We chose AWS for our production environment due to their commitment to security, including secure locations, multi-factor authentication mechanisms, and continuous audit tools.

Data Backups

  • BlinkSwag performs regular daily backups of data across our data stores. All backups are encrypted.

Disaster Recovery

  • Our disaster recovery plan is reviewed and tested regularly to ensure the security of key data and processes. This plan is our blueprint for restoring data and services in the event of an emergency.

11. Looking Ahead

BlinkSwag is committed to staying at the forefront of security, from earning additional certifications to following future leading practices such as tokenization. Our highly informed leadership team will continue to stay up-to-date on the latest developments in security, ensuring we remain a trusted partner.

12. Learn More

For more information about our comprehensive, multi-layer approach to security, please reach out to us via email at security@blinkswag.com.