Security Policy
Bloomerang: Committed to Your Security
At Bloomerang, we understand that safeguarding your information is crucial. We’ve built a robust security program that covers every aspect of our operations, from our corporate practices to the very infrastructure we rely on.
Our Multi-Layered Approach
- Product Security: Your Bloomerang platform is equipped with a suite of features designed to keep your data safe and sound, including stringent access controls and detailed audit logs.
- Application Security: We bake security into the very core of our software development process, proactively addressing vulnerabilities before they become threats.
- Infrastructure Security: We partner with trusted technology providers to ensure our underlying platform is as secure as the services it supports.
- Corporate Security: We’re constantly refining our policies and procedures to ensure our organization operates at the highest security standards.
- Security Education and Training Awareness: As part of our commitment to maintaining a robust security posture, all employees are required to complete comprehensive security awareness and training programs. These programs equip our team members with the knowledge and skills necessary to identify and mitigate security risks, ensuring the protection of our systems, data, and customers.
SOC 2 Type 2 and PCI-DSS Compliance
At Bloomerang, we are committed to meeting the highest standards of security and compliance. We are SOC 2 Type 2 certified, which means that our application and processes have been independently audited and verified to meet rigorous security and privacy controls. We are also PCI DSS compliant, ensuring that we securely process and store payment card data.
These certifications demonstrate our dedication to protecting your data and maintaining the integrity of our platform. We understand that trust is paramount, and we work tirelessly to earn and maintain your confidence.
You can request these reports and answers to common security questions from our trust website located at https://trust.bloomerang.com. We encourage you to review these documents to learn more about our commitment to security and compliance.
Have Questions?
We’re here to help! Reach out to your dedicated Account Executive or Customer Success Manager, or feel free to email our security team directly at security@bloomerang.com. We’re committed to transparency and will gladly discuss any concerns you may have.
Responsible Vulnerability Disclosure
At Bloomerang, we appreciate the efforts of security researchers and ethical hackers who help us identify and address vulnerabilities in our systems. We encourage responsible security reporting and have established a process for researchers to safely disclose vulnerabilities to us.
If you believe you have identified a security vulnerability in any of our products or services, please contact our security team directly at security@bloomerang.com. When reporting a vulnerability, please include the following information:
- A detailed description of the vulnerability, including the steps to reproduce it
- The impact of the vulnerability on our systems or users
- Any proof-of-concept code or scripts that demonstrate the vulnerability
- Your contact information, so we can follow up with you
We will promptly investigate all reported vulnerabilities and work to resolve them as quickly as possible. We appreciate your cooperation and commitment to helping us keep our platform secure.
Please note that we do not have a bug bounty program at this time.