Security Controls

Bloomreach Engagement provides a comprehensive set of security features to ensure that your customer data remains safe. These include:

Our Core Security features ensure endpoint security, vulnerability management, quality assurance, monitoring, and incident management. Furthermore, our Enterprise features package ensures compliance with stricter regulations required for multinational brands.

Bloomreach Engagement Core Security

At Bloomreach Engagement, we ensure a secure set-up. This includes two-factor authentication (2FA) through either SMS or an App Authenticator, and/or a captcha challenge-response test when signing in. We use Google Load Balancer with firewall rules to protect load-balanced resources. We also use TLS, SSH, and VPN options to encrypt traffic within the Bloomreach Engagement application.

Webhooks and imports may use static IPs if our clients require this level of security. Finally, our application and infrastructure are monitored and logged.

Bloomreach Engagement Enterprise Security

We understand some of our clients require additional security. When working with sensitive data, such as banking or telecommunications sector data, we implement extra measures to increase the level of security of their data.

We, therefore, provide an additional layer of features for enterprise clients, including enhanced security and access management.

Both our core and enterprise security utilize our Private and Public APIs, which enable you to control your customer’s data.

Using our dedicated Bloomreach Engagement Private API, you can securely send and download data from Bloomreach Engagement, allowing you to fulfill Subject Access Requests required under GDPR.

We use both a Public and Private API:

  • Our Public API is used for web tracking and web personalization and uses a public token
  • Our Private API uses a private token and secret.

Security management

Endpoint Security

We take care that all of our endpoint devices are protected according to our Endpoint Security Policy. This includes that all of our endpoint devices have disc encryption, malware protection, guest access disabled, firewall, and regularly updated OS. In addition, we perform regular checks to make sure that we maintain this high level of security.


Our security monitoring is performed on information collected from internal network traffic and the knowledge of our vulnerabilities. Internal traffic is checked for any suspicious behavior. Network analysis and examination of system logs in order to identify unusual behavior are vital parts of monitoring. We place search alerts on public data repositories to look for security incidents and analyze system logs.

Vulnerability Management

Bloomreach Engagement has a vulnerability management policy that includes processes such as regular web scans and scans for potential threats. Once a vulnerability requiring our attention has been identified, it is tracked, given priority according to how urgent it is, and assigned to relevant people as a ticket. Our security team tracks such issues and follows up regularly until they can check that the issues have been resolved.

Incident Management

Bloomreach Engagement has well-defined incident management processes for security events that may affect the confidentiality, integrity, or availability of our client’s resources or data. If an incident occurs, the security team identifies it, reports it, assigns it to the correct resolver, and gives it a resolution priority based on its urgency. Events that directly impact our customers are always assigned the highest priority and shortest resolution time. This process involves plans of action, procedures for identification, escalation, mitigation, and reporting.