Last updated November 27, 2020
At Blossom, we take privacy and security very seriously to ensure that your data is yours alone, not ours.
Here are the security measures that we currently have in place to protect both our users data and Blossom:
Backups and monitoring
We use AWS RDS’ backup solution for datastores that contain customer data. Data is automatically backed up each day, and we keep daily backups for 14 days. We store logs for all activity through AWS CloudWatch, and all actions taken on production consoles or in the application are logged.
Hosting and storage
Blossom services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the United States using services under the AWS Security Compliance Program
•All user interview recordings and insight clip videos are encrypted at rest using SSE-S3 encryption
•Data is encrypted while moving between us and the browser with Transport Level Security (TLS). All SSL certificates are issued and managed through AWS. We score an ‘A’ rating on Qualys SSL Labs‘ tests.
•We don’t use any screen-recording user tracking software such as Hotjar or Fullstory.
•We fully comply with Zoom’s Marketplace Developer Agreement and Data Compliance policy with respect to account de-authorization. This means that if you unlink Blossom from your Zoom account, we permanently remove all data including recordings, insights, notes, and markers within 10 days of de-authorization.
•We employ Multi-Factor Authentication best practices for securing our production data and email accounts.
Zoom Integration Security
•We utilize OAuth 2.0 to authorize Zoom users to integrate with Blossom without exposing your login credentials.
Our Zoom integration requests the minimal permission scope required to help you perform your day-to-day tasks in Blossom, in accordance with Zoom’s App Permissions guidelines.