SECURITY AND DATA PROTECTION

How we safeguard your data

The

Engine

Seamless Upgrades

Application upgrades do not affect end-user availability due to our rolling deployment strategy, which ensures that traffic is never interrupted.

AWS Partnership

Our applications run on AWS (Amazon Web Services), the battle-tested, industry-leading cloud provider, and we have a business associate agreement (BAA) with AWS for our HIPAA-compliant workload.

High Availability

Our application servers and databases are redundantly distributed throughout AWS AZs (Availability Zones), which guarantee high availability in the unlikely event that an AWS data center has an outage.

Application Connectivity

All data is secured in transit: all communication uses HTTPS.

Encryption

Keeping client data protected is our top priority. Our applications are HIPAA-compliant: all data is protected both in transit and at rest.

Databases

Databases are encrypted at rest using industry-standard AES-256 encryption. Encryption keys are managed by AWS, with access restricted to a handful of senior staff.

24/7 Monitoring

Application performance and usage metrics are monitored 24/7. Automated alerts are sent to engineering staff if any application metrics exceed acceptable limits.

Private Subnet

Network access to application servers is restricted by a private subnet, which can't be reached directly from the internet.

3rd Party Audits

While we work hard to make sure our platform is completely secure, 3rd party auditing is a crucial part of defensive programming and ensures reliability and security across a range of unforeseen circumstances.

We contract regular independent code audits to find any security vulnerabilities in our system. Our system undergoes internal and external network penetration testing, as well as manual penetration testing of the application. Intrusion detection, such as our lock-out system, monitors account activity for signs of malicious activity.

Account Protection

We know protecting your account information and log-in is a priority. Because of this, we’ve deployed multiple techniques to secure account data.

To prevent brute-force attacks on accounts, we’ve instituted a temporary password lockout after five failed login attempts. Important credentials are stored using salting and hashing techniques, going beyond basic encryption protection.