Easyblog users have entrusted us to host their blogs and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is handled securely. Easyblog uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Visit our privacy policy for more information on data handling.

User Security

  • Server Security: Easyblog servers are configured to be as secure as possible.  
  • Database Security: Our database servers are on private networks and not accessible over the internet. Our schoolwide setup isolates schools from one another: each school has its own installation of our software and its own separate database.
  • Passwords: All passwords are individually salted and hashed.
  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.
  • Data Residency: All Easyblog user data is stored on servers located in the United States.

Physical Security

All Easyblog information systems and infrastructure are hosted in world-class data centers. These data centers include all the necessary physical security controls you would expect in a data center these days (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements).


  • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
  • Power: Servers have redundant internal and external power supplies. Data centers have backup power supplies, and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
  • Uptime: Continuous uptime and performance monitoring.  We employ multiple methods of alerting in the event of a failure. 
  • Failover: Our database is replicated in real time and can fail over.

Network Security

  • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
  • Firewalls: Firewalls restrict access to all ports except 80 (HTTP) and 443 (HTTPS). DDoS protection and monitoring are also in place.
  • Access Control: Two-factor authentication (2FA) and role-based access are enforced for systems management by authorized engineering staff.
  • Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
  • Encryption in Transit: By default, our survey collectors have Transport Layer Security (TLS) enabled to encrypt respondent traffic. All other communications with the Easyblog website are sent over TLS connections, which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients. Our application endpoints are TLS only and score an “A” rating on SSL Labs tests.  Every installation of our schoolwide solution also meets this high standard.

Vulnerability Management

  • Patching: Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
  • Third-Party Scans: Our environments are continuously scanned using best-of-breed security tools. These tools are configured to perform application and network vulnerability assessments, which test for patch status and basic misconfigurations of systems and sites.

Organizational & Administrative Security

  • Access: Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.
  • Audit Logging: We maintain and monitor audit logs on our services and systems.
  • QA and Testing: All changes will be thoroughly tested by our developers and quality assurance team.
  • Scheduled Maintenance Window: We perform all scheduled updates to production services at the weekend. 

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Easyblog learns of a security breach, we will notify affected users as soon as possible so that they can take appropriate steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. If a breach occurs, notification procedures include providing email notices and posting a notice on our website or on various forms of social media.

Security Vulnerability Reporting Policy

Easyblog values the work done by security researchers in improving the security of our products. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities.

If you are a security researcher and would like to report a security vulnerability, please submit a ticket under the type "Vulnerability Report". Our system will automatically assign it to the correct engineers with the highest priority. Please provide your name, contact information, and company name (if applicable) with each report.

Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:

  • Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
  • Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
  • Do not modify or access data that does not belong to you
  • Give us a reasonable time to correct the issue before making any information public

We will attempt to respond to your report within 1-2 business days.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.