
Overview

This document describes the security practices and policies for our software.

Code security

Static code analysis

We use Snyk for static code analysis. Snyk analyzes the codebase weekly and reports any vulnerabilities it finds. We also run the Snyk CLI against the codebase for each pull request and when releasing the latest version of our software.

Monitoring

Application

We use Sentry for error monitoring and performance monitoring of both frontend and backend code.

Infrastructure

Compliance

CIS

HIPAA

Encryption

At rest

All data is stored encrypted at rest.

In transit

All data is encrypted in transit using TLS 1.2 or higher.

Secret Encryption

We follow best practices by generating a data key for each secret. The data key is used to encrypt the secret and is itself encrypted with a wrapping key, which is stored in AWS KMS by default.
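
An added example in Node.js, not this project's code, of the envelope scheme described above: each secret gets its own data key, and only the wrapped form of that key is stored next to the ciphertext. The local `wrappingKey`, the `wrap`/`unwrap` helpers and the choice of AES-256-GCM are assumptions; with a KMS the wrapping key stays inside the service and wrapping is an API call.

```javascript
const crypto = require("node:crypto");

// Encrypt buf under a 32-byte key with AES-256-GCM.
// Output layout: 12-byte nonce || 16-byte auth tag || ciphertext.
function seal(key, buf) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([c.update(buf), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse seal(); throws if the key is wrong or any byte was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error("sealed data too short");
  const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Stand-in for the KMS (assumption): a local random wrapping key.
// With a real KMS this key is never exported to the application.
const wrappingKey = crypto.randomBytes(32);
const wrap = (dataKey) => seal(wrappingKey, dataKey);
const unwrap = (wrapped) => open(wrappingKey, wrapped);

// One fresh data key per secret; only its wrapped form is stored.
function encryptSecret(secret) {
  const dataKey = crypto.randomBytes(32);
  try {
    const ciphertext = seal(dataKey, Buffer.from(secret, "utf8"));
    return { wrappedKey: wrap(dataKey), ciphertext };
  } finally {
    dataKey.fill(0); // do not keep the plaintext data key around
  }
}

// Unwrap the data key, decrypt the secret, then wipe the data key.
function decryptSecret(record) {
  const dataKey = unwrap(record.wrappedKey);
  try {
    return open(dataKey, record.ciphertext).toString("utf8");
  } finally {
    dataKey.fill(0);
  }
}
```

Because every record carries its own wrapped data key, rotating the wrapping key only requires re-wrapping the data keys, not re-encrypting the secrets.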