Website Accessibility
VPAT: WCAG, ADA, and 508 Standards
Blackthorn is AA compliant with its VPAT. The feature is accessed via the image below. To enable it, please contact our support team.

If you’d like to review the report, please click the button below.
Since Blackthorn stores no customer data (it is stored in your own Salesforce ‘org’), Blackthorn does not fall within FedRAMP PII parameters. Blackthorn leverages AWS (Amazon Web Services) to surface event web pages like landing pages, registration pages, and calendars. We cache non-sensitive event data like event names, images, and dates on Postgres, hosted by AWS, for fast loading and reduced queries.
FedRAMP certified. Our US-accessed AWS instances for our applications are hosted in the “AWS US East-West” regions, which are within FedRAMP compliance.
GDPR – The General Data Protection Regulation is a large set of policies that boil down to giving your end customers the right to be forgotten, either completely or on a selective basis, and to governing the handling of a customer’s PII. Blackthorn does not have a separate data store; all PII is stored in your own Salesforce environment. Customer data, including requests such as a customer asking to have their data removed, is managed by each organization we work with and not by Blackthorn. GDPR generally applies to European-based organizations and also to European-based customers.
HIPAA – Health Insurance Portability and Accountability Act compliance, in the context of Blackthorn, is similar to GDPR, in that customer data is only stored in your Salesforce environment. The handling of this data depends upon your organization’s policies.
PCI standards have different tiers of compliance. Blackthorn is PCI SAQ D compliant. Here is Blackthorn’s complete Attestation of Compliance, signed by a third-party auditor.
More specifically, our interfaces, such as our Events checkout, PayLink, DocumentLink, and our Virtual Terminal, all perform client-side tokenization, which means that the card details are sent directly from the user’s browser to the gateway. The card details never hit the database (Salesforce). Only the tokenized form of the card is then stored, which is a PCI-compliant approach.