Blueshift: Data Privacy & Security

Overview: Blueshift's application is built for enterprise customers with strong security and privacy needs around Personally Identifiable Information (PII). We are certified by Truste and participate in the EU-US Privacy Shield Framework.


1. Outline the steps you take to respect customer privacy.

  • Multi-factor authentication (MFA): All access to the Blueshift application is MFA-based, requiring the end-user to confirm their password, as well as a device authentication code sent to their email. In addition, Blueshift supports multiple user roles and permissions which allows customers to control which users have access to certain features or data.

  • VPN/VPC: All data is stored in a Virtual Private Cloud utilizing Amazon Web Services and access is over encrypted channels. Access to the VPC is protected through multi-factor authentication.

  • Audit: All changes to account configuration including changing campaigns, templates, segments, etc. are logged and audited with reports available for review.

  • Application Deployments: All code changes are reviewed before being deployed to the production environment.

  • Employee Access: Access to client accounts is given on a case by case basis and typical access is maintained only by the client success team. Blueshift senior operations staff regularly reviews and updates all employee account access.


2. Does your application have multi-factor authentication?

Yes, as mentioned above all access to the Blueshift application is MFA-based, requiring the end-user to confirm their password, as well as a device authentication code sent to their email.


3. What data security or privacy certifications do you have? How do you work with PII data for European customers?

We are SOC2 Compliant

We are certified by Truste

We participate in the EU-US Privacy Shield


4. Describe any security system audit that you have.

We perform annual penetration & vulnerability testing.



});