Caro cares deeply about keeping our customers' and patients' data secure. Have questions or feedback? Feel free to reach out to us at firstname.lastname@example.org.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our platform is built on Amazon Web Services (AWS), which provides strong security controls and holds many compliance certifications.
The Caro platform is built on AWS Lambda, SNS, and API Gateway, which are all serverless, so we do not run any traditional servers that could be compromised. Our infrastructure is managed with AWS CloudFormation templates, and all infrastructure changes go through our deployment process, which includes code review, automated deployment with GitLab, and automated testing with Puppeteer.
Network level security monitoring and protection
We use AWS CloudFront in front of the API Gateway and our front-end assets to mitigate the risk of DDoS attacks.
Encryption in transit: All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices. You can see our SSL Labs report here.
Encryption for internal application communication: All internal communication goes over encrypted SNS topics, and permissions for these topics are controlled with CloudFormation templates.
Encryption at rest: All application persistence is on managed MongoDB Atlas databases, which encrypt all data at rest. Apart from temporarily storing phone numbers for invitations, we do not store personally identifiable information such as phone numbers and passwords within the application; this information is stored in AWS Cognito, which satisfies the most stringent data security requirements.
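The SNS rule above (topics encrypted, publish permissions pinned down in CloudFormation) is the kind of thing a build step can enforce. The following is an added example, not Caro's own tooling: a check that scans a CloudFormation template for SNS topics with no KMS key and for topic policies that allow any principal. The sample template is constructed; its logical IDs and key alias are placeholders.

```python
# Added example, not Caro's own tooling: a build-time check that fails when a
# CloudFormation template declares an SNS topic without a KMS key or a topic
# policy that lets any principal publish. The template at the bottom is
# constructed; its logical IDs and key alias are placeholders.

def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def sns_findings(template):
    """Return (logical_id, problem) pairs for SNS resources that break a rule."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::SNS::Topic" and not props.get("KmsMasterKeyId"):
            findings.append((name, "topic has no KmsMasterKeyId (unencrypted at rest)"))
        if res.get("Type") == "AWS::SNS::TopicPolicy":
            for st in props.get("PolicyDocument", {}).get("Statement", []):
                if (st.get("Effect") == "Allow" and not st.get("Condition")
                        and _wildcard_principal(st.get("Principal"))):
                    findings.append((name, "policy allows any principal without a Condition"))
    return findings

def build_passes(template):
    """Pipeline gate: True only when no findings remain."""
    return not sns_findings(template)

# Constructed template: EventsTopic follows both rules, LegacyTopic breaks both.
SAMPLE_TEMPLATE = {"Resources": {
    "EventsTopic": {"Type": "AWS::SNS::Topic",
                    "Properties": {"KmsMasterKeyId": "alias/placeholder-sns-key"}},
    "EventsTopicPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
        "Topics": [{"Ref": "EventsTopic"}],
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sns:Publish", "Resource": {"Ref": "EventsTopic"},
            "Principal": {"AWS": {"Fn::GetAtt": ["PublisherRole", "Arn"]}}}]}}},
    "LegacyTopic": {"Type": "AWS::SNS::Topic", "Properties": {}},
    "LegacyTopicPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
        "Topics": [{"Ref": "LegacyTopic"}],
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sns:Publish", "Resource": {"Ref": "LegacyTopic"},
            "Principal": "*"}]}}},
}}
```

Run it against the parsed template (JSON, or YAML via a loader) in the same pipeline stage as the dependency audit, and fail the build when `build_passes` is False.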
Data retention and removal
We retain usage data for 9 years for historical reporting purposes. Users can request the removal of personally identifiable data by contacting email@example.com.
Business continuity and disaster recovery
We back up all our critical assets and regularly test restoring from backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
Caro does not manage a data center or individual servers, so compute and storage failures are handled transparently by AWS; the lowest-level disaster that could affect the application would be the whole AWS eu-west-1 region becoming unavailable. If this were to happen:
* The application would be deployed into another region. This is relatively simple because the infrastructure is all managed with CloudFormation templates.
* Database backups would be imported into the newly deployed environment
* DNS records would be updated to point to the new environment
While we don’t offer an SLA for this eventuality, we estimate that the process would be completed in 12 hours.
We run traffic watcher functions that analyze all internal application communication, identify failures and attempted security breaches, and notify us in real time.
We collect and store logs to provide an audit trail of application activity (see audit logging below).
Security in the software development process
All dependencies are audited as part of our automated build process, which fails if a vulnerability is discovered. Every task is code-reviewed for security vulnerabilities before it is merged, following security best practices and frameworks (OWASP Top 10, SANS Top 25). We plan to run quarterly scans of our applications by third-party security experts.
You can report vulnerabilities by contacting firstname.lastname@example.org. Please include a proof of concept with your submission. We will respond as quickly as possible and won’t take legal action if you follow the rules.
Internal security policies
Access to infrastructure
Two-factor authentication is required for access to our AWS and MongoDB Atlas accounts. Infrastructure in AWS and databases in MongoDB Atlas are accessed using specially created profiles with limited permissions.
Audit logging
The Caro application retains a full, immutable history of every action that results in a data change, including the user that made the change, the resource changed, the time of the change, and which interface was used to make the change. In addition, a record of every action on the platform is kept for a limited period for analytics and data science purposes. Historical data is only deleted when a user exercises their right to be forgotten, or a customer terminates their contract.
Access control and multi-tenancy
The Caro application enforces strict access control checks using an action-based access control mechanism, and has a robust multi-tenancy implementation.
Caro is compliant with the General Data Protection Regulation (GDPR), including the right to be forgotten and data portability. The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Feel free to reach out to us at email@example.com for more details on how we comply with GDPR, or have a look at our record of processing activities.
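The action-based, tenant-scoped check just described, together with the immutable audit record from the audit logging paragraph above (user, resource, time, interface), as an added example that is not Caro's code. The role names, action names and in-memory store are assumptions chosen for illustration.

```python
# Added example, not Caro's code: an action-based authorization check scoped to
# the caller's tenant, plus the append-only audit record of who changed what,
# when, and through which interface. Role names, action names and the
# in-memory store are placeholders chosen for illustration.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Tuple
# Role -> permitted actions (constructed; a real deployment loads these).
ROLE_ACTIONS = {
    "clinician": frozenset({"patient:read", "patient:update"}),
    "receptionist": frozenset({"patient:read", "invite:create"}),
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str
    role: str

@dataclass(frozen=True)          # frozen: an entry cannot be altered once written
class AuditEntry:
    user_id: str
    tenant_id: str
    action: str
    resource: str
    interface: str
    at: str
    allowed: bool

class AuthorizationError(PermissionError):
    pass

class Authorizer:
    def __init__(self):
        self._audit: List[AuditEntry] = []   # append-only; never reassigned or edited

    def authorize(self, who, action, resource_tenant, resource, interface):
        """Allow only if the role permits the action AND the resource belongs to
        the caller's tenant. Denials are recorded too, so cross-tenant attempts leave a trace."""
        allowed = (action in ROLE_ACTIONS.get(who.role, frozenset())
                   and resource_tenant == who.tenant_id)
        self._audit.append(AuditEntry(who.user_id, who.tenant_id, action, resource, interface,
                                      datetime.now(timezone.utc).isoformat(), allowed))
        if not allowed:
            raise AuthorizationError(f"{who.user_id} may not {action} {resource}")

    def audit_trail(self) -> Tuple[AuditEntry, ...]:
        return tuple(self._audit)    # a read-only snapshot, not the live list
```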
We are currently in the process of becoming HIPAA compliant, and will update this page once we are. The purpose of HIPAA is to protect the healthcare information of US citizens.