Kyo Health Web application security practices
At Kyo Health, we prioritize the security and privacy of our customers. We have implemented comprehensive and robust security measures to safeguard the information of our users and protect our web application from unauthorized access, use, disclosure, disruption, modification, or destruction.
Data Protection
We encrypt data in transit using Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), protecting data from interception or tampering during transmission. Data at rest is also encrypted using industry-standard encryption methods, keeping all customer data secure on our servers.
Data storage
All datastores containing customer data are hosted in Microsoft Azure, a secure cloud-based storage solution. Data is encrypted at rest and in transit. All sensitive collections and tables also use row-level encryption. We also use Microsoft Azure Key Vault to manage and control access to encryption keys.
Data in transit
We use TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HTTPS to maximize the security of our data in transit. Server TLS keys and certificates are managed by Microsoft Azure Key Vault.
Secret management
We use Microsoft Azure Key Vault to manage and control access to encryption keys, passwords, and other secrets. We also use 1Password to encrypt keys and small secrets such as passwords, using keys stored in hardware security modules. Access to Azure Key Vault is restricted to a small number of authorized users.
Security is our priority
Infrastructure
Our servers are hosted in secure data centers with strong physical and electronic security measures. These data centers are SOC 2 Type II certified, ensuring that they meet the high standards required for system availability, processing integrity, confidentiality, and privacy.
Access Control
Access to customer data within our organization is limited on a need-to-know basis. All employees have unique login credentials, and their access to data is regularly reviewed and revoked when no longer necessary. Two-factor authentication is enforced for all system access.
Application Security
Our web application has multiple layers of security to prevent common web attack vectors, including defenses against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Regular penetration testing and security audits are conducted to ensure the ongoing security of the application.