Security and trust are fundamental to how Blue J is built and operated. We follow enterprise-grade practices to protect your data and ensure the reliability of our platform. For further details, please consult bluej.com/security.
Security overview
Blue J maintains a comprehensive Information Security Program designed to protect customer data and ensure system integrity.
- SOC 2 Type 2 compliant
- Continuous monitoring of security controls
- Regular third-party testing and assessments
- Dedicated internal ownership of security practices
Blue J can provide its SOC 2 report upon request under a signed NDA.
Data protection
Encryption
- Data at rest: Encrypted using AES-256
- Data in transit: Encrypted using TLS 1.2 or higher
Encryption keys are securely managed using industry-standard key management systems.
Data collection
Blue J only collects the information necessary to operate the platform, including:
- Basic account information (e.g., name, email)
- Authentication and access data
- Limited usage and analytics data
No unnecessary personal data is collected.
File uploads
- Uploaded files are optional
- Files are automatically deleted after 24 hours
- Files are isolated to your session and securely processed
This ensures sensitive client materials are not retained longer than necessary.
Access and authentication
- Role-based access controls are enforced using the principle of least privilege
- Multi-factor authentication (MFA) is required for employee accounts
- Access permissions are reviewed regularly
This ensures only authorized users can access systems and data.
Infrastructure and availability
Blue J is a cloud-native platform hosted on trusted infrastructure providers.
- Hosted on AWS and Cloudflare
- Built with redundancy across systems and data stores
- Designed to self-heal and recover automatically from many issues
This supports high availability and reliability.
Monitoring and testing
- Continuous monitoring of security controls
- Annual penetration testing by independent third parties
- Quarterly vulnerability scanning
- Real-time monitoring for malicious activity
Any identified vulnerabilities are prioritized and addressed promptly.
Incident response
Blue J maintains a formal incident response program to handle security events.
- Defined processes for identifying and responding to incidents
- Regular testing of response procedures
- Prompt notification in the event of a data breach (as required by law)
Business continuity and backups
- Daily full database backups with incremental backups every 5 minutes
- Disaster recovery plans reviewed and tested annually
- Infrastructure designed for rapid recovery in case of outages
Employee security practices
- Mandatory security training for all employees (onboarding and annually)
- Additional secure development training for engineering teams
- Background checks conducted prior to employment
Data control and removal
You have control over your data:
- You can request deletion of your data at any time
- Blue J supports “right to be forgotten” requests
Requests can be submitted to security@bluej.com.
Reporting security concerns
If you believe you have discovered a bug or have another concern related to Blue J’s security, please contact our security team at security@bluej.com
We take all security reports seriously and will investigate promptly.