The Blackfynn platform is HIPAA and GDPR compliant. Blackfynn’s security model is anchored on protecting the confidentiality, integrity and availability of data. During our cyclical risk management evaluations we apply industry standards from the National Institute of Standards and Technology (NIST) and our cloud provider, Amazon Web Services (AWS) as well as input from third-party experts.
All data transmitted from customer devices to the Blackfynn platform is protected using 256-bit TLS encryption. To provide encryption and data segregation at rest, each organization has a unique key in which data is encrypted using AES-256. This encryption is managed by Amazon's Key Management Service (KMS). Audit logs track each time a key is used to encrypt or decrypt data. Every file uploaded to the platform is individually scanned for viruses and will not enter the platform if the file is found to be infected. Blackfynn backups are geo-redundantly replicated across multiple availability zones for data durability.
You can learn more about the way we store and manage data by reading our Security Overview.