Application upgrades do not affect end-user availability due to our rolling deployment strategy, which ensures that traffic is never interrupted.
Keeping client data protected is our top priority. Our applications are HIPAA-compliant: all data is protected both in transit and at rest.
Our applications run on AWS (Amazon Web Services), the battle-tested, industry-leading cloud provider, and we have a business associate agreement (BAA) with AWS for our HIPAA-compliant workload.
Databases are encrypted at rest using industry-standard AES-256 encryption, and encryption keys are managed by AWS, with access restricted to a handful of senior staff.
Our application servers and databases are redundantly distributed throughout AWS AZs (Availability Zones), which guarantee high availability in the unlikely event that an AWS data center has an outage.
Application performance and usage metrics are monitored 24/7. Automated alerts are sent to engineering staff if any application metrics exceed acceptable limits.
All data is secured in transit by always using HTTPS for communication.
Network access to application servers is restricted by a private subnet, which can't be reached directly from the internet.
While we work hard to make sure our platform is completely secure, third-party auditing is a crucial part of defensive programming and ensures reliability and security across any range of unforeseen circumstances.
We contract regular independent code audits to find any security vulnerabilities in our system. Our system is subjected to internal and external network penetration testing, as well as manual penetration testing of the application. Intrusion detection, such as our lockout system, monitors account activity for malicious behavior.
We know protecting your account information and login is a priority. Because of this, we've deployed multiple techniques to secure account data.
To prevent accounts from being compromised through brute force, we've instituted a temporary password lockout after five failed login attempts. Important credentials are stored using salting and hashing techniques, going beyond basic encryption protection.