Security & Reliability
Encryption in Transit
Blue J takes encryption seriously. We support TLS 1.3, the latest version of the security protocol, to secure your data during transit. Blue J’s SSL configuration is routinely audited to ensure we keep an A+ rating from www.ssllabs.com.
HSTS tells a browser that a site should only be accessed via encrypted channels (HTTPS). The Blue J platform uses HSTS configured in accordance with industry best practices to ensure all your traffic is encrypted.
Encryption at Rest
Blue J uses military grade AES-256-GCM to encrypt data at rest.
Our IAM (Identity Access and Management) system intervenes against popular attacks like brute force logins or suspicious amounts of traffic from an account.
Every new Blue J employee goes through a rigorous background check and goes through Blue J onboarding before they are given access to Blue J systems.
Hosted on AWS
The Blue J platform (including all applications and data) is hosted using Amazon Web Services. Amazon is the global leader in cloud computing. Amazon’s data centers are some of the most regulated and secure environments in the world. Amazon data centers are SOC1, SOC2, SOC3, PCI-DSS, ISO-27001 certified. A complete list can be found here.
Built with Automation
Automation is heavily used at Blue J to ensure our services and configurations are built and maintained in their desired states. Changes at Blue J are made by automation to ensure consistency and repeatability as well as to reduce human error. In addition to all the other benefits of automation, our verification tools ensure that our environments continually match the state we built them in with every change.
One of the major focal points of computer security is the concept of least privilege. At Blue J we work hard to ensure we stick to this concept. Our engineers ensure that our applications run using non-privileged accounts to run our workloads.
The only thing worse than a disaster is not being prepared for a disaster. That is why Blue J databases backup all transactions every 5 minutes, with full database backups occurring every 24 hours. So if disaster strikes it doesn’t matter if data was needed from 30 minutes ago or 3 days ago, it’s there.
Data Protection Rights
Purpose of Processing
Providing a research and analysis platform for legal issues.
More information on the collection and use of Personally Identifiable Information (PII) can be found here: https://www.bluej.com/privacy-policy
Basis for Collection & Processing
Data Subject Access Requests (DSAR)
Data Privacy & Cookie Policies
Customers can submit a deletion request to our Data Protection Officer (“DPO”) at firstname.lastname@example.org should they opt to have their data removed at any point.
In the event of a breach Blue J will promptly report to required parties to comply with all applicable regulatory requirements.
Individual Responsible for Compliance
Brett Janssen, CTO
Please contact us at the address set out below if you have any questions or comments about Security or if you otherwise have a question or complaint about the manner in which we or our service providers treat your personal information.
Chief Operating Officer