Lawmakers urge Biden and all schools to inventory vulnerabilities.   Read more
The security of your data is our highest priority
Trust BlueCard to keep your data secure and meet your compliance and regulatory requirements.
Our privacy policy and controls safeguard the collection, use and disclosure of your data.
We employ multiple layers of protection across a distributed, reliable infrastructure.
Our controls are tested against recognized standards and regulations by credentialed auditors.

BlueCard is SOC 2+ and HIPAA compliant and satisfies FERPA's vendor obligations

Our robust security management program has over 100 controls and focuses on security governance, risk management and compliance.
Application security
We encrypt data in transit and at rest, protect keys and secrets, harden servers, log and monitor, and test our application for vulnerabilities
Network security
We deny malicious actors’ the ability to intercept data with securely-configured firewalls, RBACs, ACLs, security groups, and a zero-trust model.
Physical security
AWS provides us with world-class physical security, including strictly controlled perimeters, video surveillance, on-site security, and more.
Information security
Our security policies are designed to protect your data and limit the collection, use, and disclosure of your information without your authorization
Subprocessor security
For key processing tasks we only work with vendors whose audited controls exceed our minimum security requirements.
Vulnerability management
We perform automated and manual security testing on a regular basis to identify and patch potential security vulnerabilities and bugs.
We communicate the status of our service, have procedures to evaluate security incidents, and will promptly notify affected customers.
Our app and security controls are pen tested and audited against global security standards and regulations, and compliance is monitored 24/7
Responsible disclosure welcome
Help us ensure security and privacy by reporting vulnerabilities.