Security FAQ

1. Does your application encrypt data?

Yes, Bloomfire encrypts data at rest as well as user data in transit to ensure that login data is protected.

2. Does the application’s website support HTTPS for all of its pages?


3. Is Bloomfire hosting secure?

Bloomfire hosting is extremely secure. Our servers are hosted at SSAE 16-compliant facilities. Our hosting environment encrypts customer data at rest using AES-256 to keep your data safe, and all connections to Bloomfire are secured via SSL/TLS. We provide security support, vulnerability testing, reporting, and more to ensure uptime and data integrity.

4. Does your application support data backup in multiple locations?


5. How does Bloomfire monitor and test its environment?

Bloomfire scans for vulnerabilities and intrusions regularly, in addition to running penetration tests. All customers receive full backup and recovery services so your data stays safe, even in the event of an emergency.

6. Does Bloomfire support SSO?

Yes, Bloomfire supports SSO so that users can navigate between systems without having to manage multiple passwords. This allows you to leverage your existing layers of security to further protect your information.

7. How does Bloomfire protect users’ identities and credentials during authentication?

Bloomfire users can be individually identified and provided access through assigned privileges based on community and group settings and other variables. Authentication is managed based on user credentials. All user activity is tracked by the application for review.

8. How does Bloomfire back up its data?

Bloomfire’s database is replicated across multiple availability zones (AZs) in real time, allowing us to continue operation with the loss of any single AZ. We also take snapshots of our data and store them apart from our servers throughout the day.

9. What roles and permissions are supported by Bloomfire?

Bloomfire can be configured to grant users view-only, edit, administration, or community-level owner access. In addition, Bloomfire’s structure allows you to set specific content to “private” so you have complete control over who can see and edit your content.

10. Is Bloomfire SOC2 type 2 Compliant?

Bloomfire is SOC2 type 2 compliant, meaning that every employee follows strict procedures internally and that we review these procedures annually to ensure compliance. SOC2 governs policies and procedures across the organization, from development processes and server and other maintenance to internal and external communications.

11. Is Bloomfire HIPAA ready?

Yes, Bloomfire is HIPAA-ready. We adhere to HIPAA standards across the organization, from the policies we follow to the hosting of your data. We sign a Business Associates Agreement (BAA) with customers that request one to ensure the protection of their patients’ health information.

12. What is GDPR and how is Bloomfire addressing GDPR?

The General Data Protection Regulation (GDPR) is a new policy that extends individuals’ rights as they pertain to the way organizations market, track, and handle their personal data. The concept of controlling personal data is not new. In fact, GDPR is replacing the 1995 Data Protection Directive (DPD). Bloomfire adheres to the GDPR regulations, and our privacy policy has been updated to comply with GDPR.

For more information: