Security and trust

Security is our #1 priority.

Three Pillars of Security

Pillar 1: Infrastructure

  • Our base infrastructure is hosted on the highly secure Google Cloud Platform.
  • We partner only with those who meet our stringent security standards.
  • Your data is protected with industry-standard encryption, from your browser to our servers.

Pillar 2: Software Development

  • Security best practices are integral to our software design and coding processes.
  • Our software undergoes extensive testing to preclude potential issues.
  • Regular audits by external tech security firms ensure our software remains secure.

Pillar 3: Process

  • Our dedicated internal security team constantly monitors our systems and responds swiftly to any suspicious activity.
  • We adhere to HIPAA, SOC, and PCI compliance, setting high standards.
  • Our processes are designed to maintain accountability and earn your trust.

Additional Security Measures

World-Class Encryption

  • Bank-level encryption for all services and data, both in transit (TLS 1.2 and above) and at rest (via GCP).
  • HTTP Strict Transport Security (HSTS) enforced to ensure that browsers interact with our APIs only over secure protocols.

API Access Restriction and Auditing

  • All API calls are authenticated using Token-Based Bearer Authentication.
  • API access is logged and monitored for suspicious activity. Logging is available for export from the platform.

End-User Authorization and Access Controls

  • Sensitive operations require Multi-Factor Authentication (MFA) using TOTP, SMS, or email.
  • Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) is available and can be used by organizations to mandate their own sign-in and security requirements.
  • Role-Based Access Control (RBAC) for adding team members and other privileged users.

Breach Notifications

  • In the rare event of a breach, our security team will secure member data and notify affected parties promptly.

Penetration Testing and Monitoring

  • Continuous monitoring for performance and security, complemented by periodic external audits.

Compliance Programs

  • Full compliance with HIPAA, SOC, and PCI standards.

High Availability

  • Our services are designed to be available 24/7/365.
  • Availability and performance are monitored and reported on our Status Page.

Continuous Backups

  • Regular replication and backups of all data.

Privacy and Security Training

  • Comprehensive training for all employees on data handling best practices.

Data Isolation Policies

  • Advanced security layers for different levels of data sensitivity.