360 Feedback That Protects Client Confidentiality

Air-gapped deployment. Zero cloud dependencies. Built for professional services.

100% On-Premises • Zero Cloud Dependencies • ISO Compliance Ready

Why Cloud-Based Tools Are Unacceptable for Your Firm

Client contracts and compliance requirements demand better

Cloud HR Platforms

  • Client data potentially exposed in shared database
  • Third-party access to employee information
  • Cannot meet air-gapped requirements
  • Vendor security breaches affect your firm
  • Unknown subprocessors and data locations
  • Contractual prohibition on cloud services

Blik Air-Gapped

  • Deploy behind your firewall, no external access
  • Zero third-party data sharing by design
  • Fully functional without internet connection
  • Your infrastructure, your security controls
  • No subprocessors, no external dependencies
  • Meets strictest client requirements

Security Architecture for Professional Services

Designed for firms with the highest confidentiality requirements

Complete Data Isolation

Deploy on your internal network with no external connectivity. All data stays within your security perimeter. No cloud services, no external APIs, no internet access required. Perfect for law firms, healthcare providers, and financial advisors.

Zero Third-Party Access

No vendor access to your deployment. No support backdoors. No telemetry or analytics sent anywhere. Your IT team has complete control. Audit the open source code yourself to verify security claims.

Client Audit Ready

Demonstrate technical controls to demanding clients. Architecture diagrams included. Data flow documentation provided. Open source allows client security teams to review code. Passes third-party security questionnaires.

Reviewer Anonymity Guaranteed

Technical architecture prevents identity tracking. Token-based access with no authentication logs. Configurable minimum response thresholds. Protects both reviewers and reviewees in sensitive firm environments.

Compliance Documentation

Includes templates for ISO 27001, SOC 2, and GDPR documentation. Security control descriptions ready for compliance frameworks. Data processing documentation for client audits. Privacy impact assessment materials provided.

Internal SMTP Only

Configure with your internal mail server. No external email services required. All email stays within your network. Support for Exchange, Office 365 on-premises, or any SMTP server you control.

Secure, Professional Interface

[Screenshot: Review Cycle Tracking]

Anonymous invitation links ensure reviewer identities are never tracked or stored

[Screenshot: Anonymous Feedback Reports]

Professional reports with anonymity protection built-in

Built for Your Industry

Trusted by firms with the highest confidentiality standards

Law Firms

Requirements Met: Attorney-client privilege protection, ABA ethics compliance, conflict check isolation, partner compensation confidentiality, client audit requirements.

Typical Setup: Air-gapped deployment behind firm firewall. Internal SMTP only. Managed by firm IT. Review cycles for attorneys, paralegals, support staff.

Healthcare & Life Sciences

Requirements Met: HIPAA compliance readiness, patient data separation, clinical confidentiality, FDA validation support, protected health information isolation.

Typical Setup: Deployed in healthcare network. No PHI stored in system. Clinical and administrative staff reviews. Integration with internal directories.

Financial Services

Requirements Met: FCA/SEC examination readiness, client confidentiality, Chinese Wall compliance, market abuse prevention, audit trail requirements.

Typical Setup: Segregated network deployment. Compliance-approved configuration. Detailed audit logs. Support for multiple legal entities within one firm.

Management Consulting

Requirements Met: Client confidentiality agreements, conflict of interest controls, engagement team isolation, proprietary methodology protection, NDA compliance.

Typical Setup: Project-based review cycles. Partner and consultant assessments. Integration with resource management. Protected behind VPN.

Accounting & Tax

Requirements Met: Client privilege protection, professional standards compliance, quality control requirements, peer review preparation, ethics standards.

Typical Setup: Separate staff and partner reviews. Technical competency assessments. Annual review cycles aligned with promotion timelines. Audit-ready documentation.

Government Contractors

Requirements Met: Classified information isolation, ITAR/EAR compliance, government security standards, FedRAMP-equivalent controls, audit requirements.

Typical Setup: Deployed on classified networks. No external connectivity. Government-approved encryption. Complete access control logging.

Deployment Options for Maximum Security

Three deployment modes to match your security requirements

Air-Gapped (Highest Security)

Setup: Internal server, no internet access, manual report generation

Best For: Law firms, defense contractors, highly regulated industries

Features: Complete isolation, no external dependencies, passes strictest client audits

Firewall-Protected (High Security)

Setup: Internal server with restricted outbound access for email

Best For: Healthcare, financial services, mid-size professional firms

Features: Controlled external access, email invitations work

Private VPN (Moderate Security)

Setup: Cloud server accessible only via firm VPN

Best For: Consulting firms, accounting firms with remote teams

Features: Remote access for distributed teams, still fully isolated from public internet

All Deployment Modes Share Core Benefits

Self-hosted infrastructure • No third-party access • Open source auditability • Your security controls • Client requirement compliance

Compliance Framework Support

Documentation and controls for major compliance standards

Compliance Standard | Blik Support | Key Controls Satisfied
ISO 27001 | ✓ Documentation Provided | Access control, encryption, audit logging, data classification, incident response
SOC 2 | ✓ Control Templates | Security, availability, confidentiality, privacy, processing integrity
GDPR | ✓ Fully Compliant | Data residency, subject rights, privacy by design, DPA not required
HIPAA | ✓ BAA Template | Access controls, audit logs, encryption, PHI separation guidance
FedRAMP | ✓ Control Mapping | Self-hosting enables government cloud requirements
PCI DSS | ✓ Network Isolation | Segmentation, access control, encryption, no cardholder data stored

Compliance Resources

Essential compliance framework documentation:

  • ISO 27001 - Information security management
  • SOC 2 - Service organization controls
  • HIPAA - Healthcare privacy regulations
  • FedRAMP - Federal risk and authorization management

Cost Comparison for Professional Services

Why spend 50,000+ EUR per year on cloud tools you cannot use?

Cloud Tools You Cannot Use

Lattice: 8-12 EUR/user/month
Culture Amp: 10-15 EUR/user/month
15Five: 6-10 EUR/user/month

Problem: Cannot meet your client confidentiality requirements

Manual Spreadsheet Process

Cost: Partner time, admin overhead
Time: 20-40 hours per review cycle
Issues: Error-prone, not anonymous, hard to aggregate

Problem: Unprofessional and time-consuming

Blik Self-Hosted

Licensing: 0 EUR (open source)
Server: 100-200 EUR/month
Time: 2 hours setup, 1 hour per cycle

Solution: Professional, compliant, cost-effective

25-Person Firm Calculation

Commercial Tool: 3,000 EUR/year | Manual Process: 8,000 EUR (partner time) | Blik: 1,200 EUR/year (server only) | Savings: 2,000-7,000 EUR annually

Technical Questions from IT and Compliance Teams

Can this run completely offline without any internet access?

Yes. For air-gapped deployment: 1) Use an internal SMTP server for emails, 2) Deploy on an internal Linux server. No external connectivity is required and the system is fully functional offline. Suitable for classified environments or firms with zero-trust policies.

What are the infrastructure requirements?

Minimum: 4GB RAM, 2 vCPU, 40GB storage for up to 100 employees.

Recommended: 8GB RAM, 4 vCPU, 100GB storage for 200+ employees with historical data.

OS: Ubuntu 22.04+ or RHEL 8+.

Database: PostgreSQL 15+ (included in Docker setup). Scales vertically as needed.

How do we meet client security audit requirements?

Blik provides: 1) Architecture diagrams showing data flows, 2) Technical documentation of security controls, 3) Access to full source code for review, 4) Templates for common compliance frameworks (ISO 27001, SOC 2, GDPR), 5) Audit log exports from database. Open source means clients can verify security themselves.

Can we integrate with our Active Directory or LDAP?

LDAP integration is on the roadmap but not currently implemented. For now, admins use Django's built-in authentication. Since reviewers never log in (token-based access), only admin accounts need management. For firms requiring LDAP, you can modify the authentication backend in the open source code or wait for the next major release.

How is reviewer anonymity technically guaranteed?

Architecture prevents identity tracking: 1) Tokens contain no identifying information (UUID only), 2) No login required for reviewers, 3) Responses stored without token reference after submission, 4) Configurable minimum thresholds (e.g., 3+ peers before showing results), 5) No IP logging in production mode. Anonymity is architectural, not policy-based.
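The anonymity design described above (random UUID tokens, single-use submission with no token reference kept on the stored response, and a minimum-response threshold before results are shown) as an added illustrative model in Python. This is not Blik's own code; the `ReviewCycle` class, its in-memory storage and the threshold default are assumptions for the example.

```python
import uuid
from dataclasses import dataclass, field
from statistics import mean

# Assumed default; the page cites "3+ peers" as a typical threshold.
MIN_RESPONSES = 3


@dataclass
class ReviewCycle:
    """Issues reviewer tokens and stores scores; no reviewer identity is kept."""
    min_responses: int = MIN_RESPONSES
    open_tokens: set = field(default_factory=set)   # issued but not yet used
    scores: dict = field(default_factory=dict)      # reviewee -> list of scores

    def issue_token(self) -> str:
        # Random UUID: carries no user id, email or timestamp that could
        # later be tied back to a reviewer.
        token = str(uuid.uuid4())
        self.open_tokens.add(token)
        return token

    def submit(self, token: str, reviewee: str, score: int) -> bool:
        if token not in self.open_tokens:
            return False                 # unknown or already consumed token
        self.open_tokens.discard(token)  # single use; stops replay
        # The stored response holds only the reviewee and the score, so
        # nothing in the data links a score back to the token that sent it.
        self.scores.setdefault(reviewee, []).append(score)
        return True

    def report(self, reviewee: str):
        responses = self.scores.get(reviewee, [])
        if len(responses) < self.min_responses:
            return None                  # suppressed: cohort too small
        return {"n": len(responses), "mean": round(mean(responses), 2)}
```

The threshold suppresses reports for small cohorts but does not by itself prevent inference from comparing reports released at different response counts, so a real deployment should fix the release point per cycle rather than re-render as responses arrive.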

What backup and disaster recovery options exist?

PostgreSQL backup strategies: 1) pg_dump for point-in-time backups, 2) WAL archiving for continuous backup, 3) Streaming replication for high availability. Store backups on your SAN, tape, or segregated network. All backup data remains in your control. Restoration tested and documented. RTO typically under 1 hour.

How do we handle GDPR right to erasure requests?

Direct database access allows full control. Django admin includes employee deletion. For complete erasure: 1) Identify employee records in database, 2) Run provided deletion scripts, 3) Remove from backups (or note in retention log), 4) Document deletion for audit. Typically completed in under 15 minutes. Maintained audit trail proves compliance.

Implementation Process for Professional Services

Typical deployment timeline for firms

Week 1: Planning

Activities: IT reviews documentation, Security approves architecture, Compliance maps to requirements, Partner sponsors identified

Deliverables: Deployment plan, security assessment, compliance checklist

Week 2: Deployment

Activities: Provision internal server, Deploy Docker containers, Configure SMTP and settings, Import employee list

Deliverables: Running system, admin access, initial testing complete

Week 3: Pilot

Activities: Run pilot review cycle with one department, Gather feedback, Adjust anonymity thresholds, Train administrators

Deliverables: Pilot report, user feedback, configuration refinements

Week 4: Rollout

Activities: Announce to full firm, Create review cycles, Send invitations, Generate reports

Deliverables: Firm-wide review complete, Reports delivered, Process documented

Most Firms Complete Deployment in 2-3 Weeks

Includes security review, compliance approval, and pilot testing. Much faster than 8-12 week implementations for commercial tools.

Deploy Behind Your Firewall Today

Protect client confidentiality while modernizing performance reviews.

Need Maximum Privacy? Self-Host for Free

For air-gapped deployments and complete data control, our open-source version is perfect. Or if GDPR-compliant EU hosting meets your needs, try our managed option at €49/month.


Trusted by law firms, healthcare providers, and financial advisors