Security and trust are at the core of Blueshift’s values, and therefore we provide multiple capabilities, safeguards and processes to ensure the security and privacy of our customer’s data.
Blueshift undergoes an annual security audit. In addition, we have customers in the financial industry that have performed stringent due diligence on our platform and leverage Blueshift for their critical customer transactional and marketing messaging.
Blueshift has an extensive privacy security team that is responsible for responding to and addressing customer questions regarding privacy and security. The team is also responsible for staying ahead of the most recent privacy and security regulations to ensure that we are always up-to-speed and compliant with the latest local regulations and compliance requirements.
- Compliance: Blueshift is SOC2 Type 2 compliant and also compliant with both CCPA and GDPR.
- Data Storage: Blueshift stores all PII data in a compliant manner with monthly penetration testing by a 3rd party security firm.
Management of Personally Identifiable Information (PII)
Blueshift manages Personally Identifiable Information (PII) such as name, address, email, and phone number in ways that comply with privacy and security regulations in the regions where it is deployed.
Only user data that is required for driving marketing programs and strategy is imported into the Blueshift platform. Sensitive PII data (for example, SSN, credit card number, and so on) is not sent to Blueshift.
Blueshift is compliant with both CCPA and GDPR and offers various features to comply and enforce user consent for data usage to comply with these privacy regulations, including the ability to ensure the deletion and automatic suppression of customer data per customer's request. You can use our API endpoint for deleting user data and for automatic suppression. Calling this endpoint for a user will ensure that all personal data related to the user is deleted from the index of user data that Blueshift stores for our customers. Any future data related to the user will also be suppressed. As a result, the data cannot be used in any manner for any marketing communications within the Blueshift platform.