
We’re serious about safeguarding data
Protecting personal information is our top priority. For the sake of our users and customers, we don’t compromise or cut corners when it comes to data security. As part of that commitment, we operate with the utmost transparency. The following overview provides a high-level look at the ever-evolving security practices we have in place.
GDPR – By complying with GDPR we demonstrate our commitment to protecting personal information and to enforcing a consent-based model for personal data processing.
HIPAA – By complying with HIPAA we show our determination to maintain high healthcare security and privacy standards and to make no compromises with patients' data.
Powered by Amazon Web Services (US & UK), we keep all data encrypted both at rest and in transit using current, well-established algorithms such as RSA-4096, AES-256 and SHA-256. Data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), configured according to industry best practice.
With data encrypted at every stage – at rest, in transit and in cloud storage – Vira Health products keep your data safe, secure and private. Our consent-based model gives people control over their personal and protected health information.
Our work on security and privacy efforts does not have an end; it’s a continuous cycle of researching, revising, implementing, testing, fixing, scaling, blocking, and permissioning. We are constantly working to meet and exceed what is asked of us from regulators, investors, partners, and users, and we collectively live the security processes on a daily basis. Security and privacy are integral to our culture.
We retain your data in accordance with the applicable laws and regulations: we keep your data for no longer than necessary for the purposes for which the personal data is processed. After you stop using our services, we might have to keep your data for a longer period of time due to legal or regulatory purposes. When we can remove your data, we will either delete it or anonymise it so it can no longer be linked to you.
All of our services run in Amazon Web Services: US regions for US customers, EU regions for UK customers. We do not host or run our own infrastructure, such as routers, load balancers, DNS servers or physical servers. AWS regularly undergoes independent verification of its security, privacy and compliance controls against standards including ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA STAR and FedRAMP, among many others. You can read more about their practices here: https://docs.aws.amazon.com/whitepapers/latest/aws-risk-and-compliance/welcome.html
Protecting customer data from modern threats means our products must be developed with security in mind. The following practices ensure a high level of security in our software:
- Applying a Software Development Plan (SDP) that incorporates security into every phase of the development cycle
- Developing and continuously maintaining a corporate culture dedicated to security
- Developers participate in regular security training covering common vulnerabilities, threats and secure coding best practices
- We review our code for security vulnerabilities
- We regularly update our backend infrastructure and software and make sure none of it has known vulnerabilities
- We use static application security testing (SAST) to detect common security vulnerabilities in our codebase
- We conduct regular external penetration tests on our production environments
- Our application security monitoring and protection solutions give us the visibility to:
  - Identify attacks and respond quickly to a data breach
  - Monitor exceptions and logs and detect anomalies in our applications
  - Collect and store logs to provide an audit trail of our applications' activity
Our network consists of multiple security zones, which we monitor and protect with trusted next-generation firewalls, including IP address filtering, to protect against unauthorized access. We deploy an intrusion detection and/or prevention solution (IDS/IPS) that monitors and blocks potentially malicious packets, as well as distributed denial of service (DDoS) mitigation services powered by an industry-leading solution.
If you discover a vulnerability in our application or infrastructure, we ask that you alert our team by contacting privacy@vira.health. We will respond to your submission as quickly as possible and will not take legal action if you follow the responsible disclosure process:
- Avoid automated testing and only perform security tests against your own data
- Include a proof of concept in your email
- Do not disclose any information regarding the vulnerability until we have given clear approval
We ensure that your organization's mission-critical data has one of the highest levels of availability by leveraging data centers that provide redundant HVAC, network and UPS systems.
Data centers are physically defended 24/7 by security personnel and video surveillance, and on-site entry requires key card access. Strict access control measures ensure that only authorized personnel have access to the data center.
Equipped with UPS and backup diesel generators, the data centers can provide a continuous supply of electricity through power outages of up to 48 hours. They are also equipped with HVAC, fire detection and suppression systems, alarms, and monitoring by surveillance cameras (CCTV).
The global nature of our data center network means your data is stored in the most appropriate location, ensuring that regulatory compliance and connectivity requirements are met.
