Blazelock

Compliance & Security

Learn how Blazelock approaches data protection, infrastructure, and application security.

Blazelock is built for business use cases where security, privacy, and reliability matter. This page provides a practical overview of our current security and compliance-related practices.

GDPR

Blazelock is operated with GDPR compliance in mind. We apply data protection standards across our service and maintain data processing agreements with all third-party vendors we rely on.

Infrastructure Hosting

Our infrastructure is hosted in the 🇪🇺 EU, with servers located in Germany. We also work primarily with European partners.

In addition, our infrastructure is operated with the following baseline measures in mind:

  • TLS 1.2+ for all connections
  • Automated backups
  • 24/7 infrastructure monitoring and alerting
  • Regular security patches applied to all infrastructure

Product Security

Blazelock includes a number of product-level security measures to help protect accounts, credentials, and integrations:

  • Two-factor authentication: Two-factor authentication is available for dashboard accounts.
  • Strong passwords: Dashboard accounts accept only strong passwords based on validated password rules.
  • HTTPS-only connections: Connections to Blazelock are accepted only over HTTPS. Unencrypted HTTP is not supported.
  • Hashed credentials: Sensitive credentials are protected before storage. Values that only need to be verified later, such as passwords or API keys, are stored as hashes. API keys are shown only once at creation.
  • Encrypted sensitive values: Sensitive values that must be retrieved again later, such as webhook secrets, are stored encrypted in the database.
  • Webhook signature verification: Webhook integrations support secret-based signature verification.

Scan Engines

Our scanning algorithm is built on industry-leading providers. Before a provider is used in production, we evaluate it in extensive internal tests against representative malicious and clean files.

These tests are performed in an isolated validation environment and cover three areas:

  • A large, continuously updated corpus of malware samples across different malware families, file formats, and file structures, including both long-known threats and newly distributed malware
  • Millions of benign files to assess false-positive behavior
  • Multiple performance scenarios to evaluate throughput, latency, and overall scan stability under different load conditions

In our security lab, we continuously run comparison tests and refine our detection pipeline. We regularly review existing partners, monitor scan quality over time, and evaluate new providers on an ongoing basis. Our key criteria are high detection rates, low false-positive rates, and fast scan performance.

Vulnerability Disclosure

Please do not publicly disclose suspected vulnerabilities before they have been investigated and resolved. Coordinated disclosure helps protect customers and reduces avoidable risk.

Privacy Policy

For more information about how we process personal data, please refer to our Privacy Policy.

Changelog

Follow the latest Blazelock product updates, improvements, and fixes.

On this page

GDPRInfrastructure HostingProduct SecurityScan EnginesVulnerability DisclosurePrivacy Policy