Blinkr

Privacy Policy

Last updated: 28 February 2025

1. Introduction

Blinkr ("we", "us", "our") provides a browser security platform that helps organizations manage credentials, enforce browsing policies, and monitor activity. This Privacy Policy explains how we collect, use, and protect information when you use our web application and Chrome extension (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When an organization administrator creates accounts, we collect names, email addresses, and hashed passwords. Passwords are one-way hashed using bcrypt and cannot be reversed.

2.2 Credential Vault Data

Credentials stored in the vault (usernames and passwords for third-party services) are encrypted at rest using AES-256-GCM encryption with organization-specific keys. These credentials are only decrypted at the moment of injection into login forms and are never exposed to end users in plaintext.

2.3 Browsing Activity Data

When enabled by an organization administrator, the Chrome extension logs browsing activity including URLs visited, timestamps, blocked navigation attempts, download block events, and DevTools detection events. This data is collected solely for the organization's security auditing purposes.

2.4 Technical Data

We collect IP addresses, user agent strings, and session metadata for authentication and security purposes.

3. How We Use Information

  • To provide and operate the Service, including credential management, URL filtering, and policy enforcement
  • To authenticate users and maintain secure sessions
  • To provide organization administrators with activity reports and security alerts
  • To enforce organization-configured security policies (allowed sites, download blocking, screenshot protection)
  • To improve and maintain the reliability of the Service

4. Data Sharing

We do not sell, rent, or trade personal information to third parties. Browsing activity and credential data are accessible only to the organization administrator who manages the account. We may share data only in the following circumstances:

  • With your organization's administrators, as configured by your organization's policies
  • With service providers who assist in operating our infrastructure (hosting, database), under strict data processing agreements
  • When required by law, regulation, or legal process

5. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256-GCM encryption for stored credentials with organization-specific encryption keys
  • Bcrypt password hashing for user account passwords
  • TLS encryption for all data in transit
  • Role-based access controls within organizations
  • Session management with configurable timeouts

6. Data Retention

Account data is retained for the duration of the organization's subscription. Activity logs are retained according to the organization's configured retention policy. Upon account deletion, all associated data including encrypted credentials, activity logs, and user records are permanently removed.

7. Chrome Extension

The Blinkr Chrome extension operates under these additional considerations:

  • The extension communicates only with the Blinkr server to fetch policies and report activity — no data is sent to any other third party
  • All extension code is bundled locally — no remote code is downloaded or executed
  • Credential injection occurs locally in the browser and credentials are held in memory only for the duration of the injection
  • The extension caches policies locally to function during brief network interruptions
  • URL filtering is enforced using Chrome's declarativeNetRequest API, which blocks requests without reading page content

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. As Blinkr is an organization-managed service, data requests should be directed to your organization's administrator in the first instance. For direct enquiries, contact us at the address below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify organization administrators of material changes via email or through the admin dashboard. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at: privacy@blinkr.io