Privacy Policy

What

Bluink Ltd. collects and stores website cookies and the data you submit on the Bluink website (https://bluink.ca) via our webforms (e.g., name and email address).


Why

Bluink Ltd. collects and stores the data above to contact you, complete demo requests, and send relevant information about security, identity, and Bluink’s solutions.


How

Bluink Ltd. stores this data in Agile CRM, which hosts it in Amazon and Google Clouds.


With whom

Bluink Ltd. and Agile CRM do not share this data with any third party.


How to opt out

You may unsubscribe from receiving emails at any time by clicking the unsubscribe link on an email or by emailing info@bluink.ca from your email address you provided with the subject line: unsubscribe.

You may request to have your data erased by emailing info@bluink.ca from your email address you provided with the subject line: erase.

What

The Bluink Key mobile app allows you to manage any personal information on your smartphone, including account usernames, passwords, credit card numbers, and many other types of information. However we do not collect or use any of the data that is input into the Bluink Key app.


Why

The personal information managed by Bluink Key is used for the primary purpose of making all of your logins easier to manage and more secure. You decide when and how to use the information. You own your personal information, and we believe that you should have full possession and control.


With whom

As we do not collect any of your personal information, we do not (and cannot) share or sell any personal information to third parties. You decide when the app releases information to applications on a connected computer. For example, you may decide to release a username and a password to a browser running on a connected computer in order to log into that service. The use of information that you release to these other applications will be governed by their privacy policies and terms.

You may also make encrypted backups of this information and store them in a location of your choosing.


How

Your personal information is stored in encrypted form using AES 256-bit encryption within the Bluink Key mobile app and is never transmitted over a network or stored on any server. Access to this information is restricted to only you and is protected by your Bluink Key phone's authentication (e.g., PIN, TouchID, pattern). The encryption is unlocked by your phone's authentication using a strong cryptographic key derivation function. Note: Do not disable your phone's authentication or you may be locked out of your Bluink Key app. We cannot access your Bluink Key app or the information you store within it.

When you do decide to use some of your information managed by the Bluink Key app, it is either:

  1. Transmitted directly to a connected computer via a Bluink Key over a mutually authenticated Bluetooth communication channel that is encrypted with AES 128-bit session keys; or
  2. Copied to a local paste buffer on your smartphone.

What

Bluink’s eID-Me solution allows you to enrol for and receive a digital identity on your smartphone which you can use for online and offline (in-person) transactions. During the enrolment process, identity information is collected from your identity documents (such as passport, driver’s licence, health card, etc.) along with a selfie captured from your smartphone camera, your mobile phone number, and the current location of your smartphone. This information is stored on the eID-Me server for a maximum of 48 hours, at which time it is erased. The information is erased sooner once an identity is issued to your smartphone.

The information that is securely stored on your smartphone once an identity is issued consists of a digital certificate and multiple identity claims (such as name, address, date of birth), which you can assert to third parties during transactions. This information is encrypted and bound to your smartphone’s local authentication (PIN, passcode, or biometric).

The only piece of information Bluink retains is your email address for support purposes.


Why

The collected information during enrolment is used for identity proofing purposes to see if you are eligible to receive a digital identity. Your selfie is compared against portraits supplied on your identity card photos or passport scans to ensure that your face matches the portraits. Your smartphone location is used to ensure that you are at your home address. These identity proofing checks ensure that an imposter is not trying to register as you.

Once an eID-Me digital identity is issued, the information stored on your smartphone allows you to interact with third parties who may need to know attributes about you. For example, an online store may need proof of your age to sell you a restricted good.


With whom

Some of the information (name, address, date of birth, mobile phone number) collected during enrolment may be sent to ESC Corporate Services Ltd. to check that the information is consistent with records that may reside in credit bureaus or mobile carriers.

Once an eID-Me identity is issued to your smartphone, you will always be notified of what information is being requested and by whom during a transaction. No information is released unless you approve its release. If you consent to release information, it will be sent to the requesting third party through the eID-Me identity service. Bluink does not store or track any of your information during transactions. A local, encrypted record of your transactions is retained within the eID-Me smartphone app for your convenience, which you can erase or disable at any time. The information that you release to these third parties will be governed by their privacy policies and terms.


How

Bluink does not have any of your personal information (except for your email address, which is used for support purposes). Once you receive an eID-Me digital identity, your personal information is securely stored on your smartphone using AES 256-bit encryption. Authentication to your smartphone is required to access your personal information in eID-Me.

Any requests from third parties for information about you will be displayed for your approval during a transaction. Only the information that you approve for release will be sent to the requesting third party.