First things first
We keep our own private family information on CareZone, right alongside yours. We’re not just the pilots at CareZone, we’re also passengers.
How we protect your data
Just like you, we take the security and durability of your data very seriously. We use many of the same techniques that are standard at banks and major corporations to protect our systems.
All communication between your web browser and our system is encrypted, so when you’re on an insecure network at an airport or coffee shop, nobody listening in can snoop on your data.
Our storage and servers are redundant, so if something fails we can recover quickly. Data is written into multiple places immediately, and we make encrypted offsite backups several times a day. Uploaded files are stored in Amazon’s S3 storage system, which is an industry leader in security and reliability.
To protect against accidental disclosure, we use government-standard AES encryption when data is at rest.
Our application servers are on a private network, isolated from the Internet. They reside in a physically secure datacenter which is monitored 24 hours a day. We keep up-to-date with security patches and reported vulnerabilities.
In addition to protecting against external threats, we’ve adopted policies and procedures to avoid exposing your data even inside CareZone. Of course, we must comply with valid legal requests, such as a court order, but otherwise we won’t look at or disclose your data unless you tell us to.
If you’re having a problem that requires us to access your account, we will always ask first.
Third party services
In addition to storing data on Amazon’s S3 services, we use a few third-party services.
Some of these services help us monitor quality and improve features. For example, we track the performance of pages on the site using New Relic, and we gather usage data with Mixpanel and similar services. In these cases we ensure that no personally-meaningful data is transmitted to the external service. (For example, we may track that you created a medication, but none of the actual data about the medication.)
If there’s a problem
As at any company, fallible human beings do all the work at CareZone. And despite the care we take, we can’t pretend we won’t ever make a mistake or be hit by a zero-day vulnerability (one that no one knows about until it’s exploited by the bad guys). Should that happen, we will:
- Respond quickly to protect the system from any security vulnerabilities or breaches.
- Notify any affected customers as soon as we understand the scope of the issue. (Please understand that responding to the problem may temporarily take priority over notification.)
- Work to understand and fix the root cause of the problem to ensure that it never happens again.
Reporting a problem
If you feel your account may have been compromised, or you discover abuse or misuse of CareZone, please report it immediately on our support page or send an email to firstname.lastname@example.org and we’ll investigate.
If you’re a security researcher who’s discovered an issue, please see our security response page for our reporting procedure.
Thank you for using CareZone. We’re working very hard to make this the safest place for your — and our — families.