
Security and privacy

Our team values your privacy

At Track.Health, we put our users first. We are committed to providing a secure platform to all users. Protecting you is our priority.

Hospital Grade Security

Our team has more than 10 years of experience in developing hospital-grade software and data management systems that leverage modern, secure web frameworks.

Your information is fully encrypted, both in transit and at rest, using industry-standard SSL certificates and data encryption mechanisms (e.g., AES-256).

You’re in control

You control who sees your data and what they can use it for. You can choose to share data with other people living with similar conditions, with family members, and with researchers worldwide.

For science, not sales

Unlike digital and social media platforms, the goal of this effort is to advance science to benefit all people living with rare conditions. We do not market products or services and your contact information will never be shared with third parties.

Best-in-class security


Physical security

Track.Health’s infrastructure and applications are hosted in a private network space in Amazon Web Services (AWS). Our main servers are located in Sydney, Australia, and comply with best-in-class industry security and privacy standards.


Network security

Our environments are hosted in workload-specific Virtual Private Clouds (VPCs) in Amazon Web Services, providing a clear separation of concerns between production, staging and development. The overall architecture has been attested to follow the AWS Well-Architected guidelines, including:

  • Privately configured networking subnets
  • No inbound internet traffic allowed on the private subnets
  • No public IP addresses assigned to application servers
  • Strict ingress access to application servers via AWS-managed and maintained load balancers
  • Tight security groups control inbound and outbound access to the servers
  • Firewalls, Intrusion Detection Systems, Web Application Firewalls, and other state-of-the-art perimeter controls installed at the edge locations to provide an additional layer of internal and external network security.


Best practices in coding

Our team employs best-practice secure coding techniques. We have safeguards in place to detect common attacks such as SQL injection and cross-site scripting. We actively review our code for potential security concerns and evaluate all user feedback.


Fighting against spam

Automated spam is a plague for online platforms and a major annoyance to many administrators. We integrate our platform with Google’s reCAPTCHA v3. This integration provides tools to ensure that users are human, and our multiple checks throughout the process verify that responses are coming from actual people using a web browser.


Zero downtime during production releases

Our team has adopted an Agile methodology in software development, with changes reviewed for performance, audit, and security purposes before being applied to the production environment. Moreover, our fully automated CI/CD pipeline enables us to achieve zero downtime during production releases.


Business continuity

Track.Health has concrete contingency and business continuity plans, defined according to the risk analysis performed. In the event of a disaster, the specific contingency plan is ready to enable the continuation of critical business processes while protecting the integrity of the data as the organization operates in emergency mode.


Security monitoring and auditing

Application, infrastructure and system logs are stored in a centrally managed repository for monitoring, troubleshooting, security reviews, and analysis by authorized personnel. Logs are preserved in accordance with regulatory requirements to assist in the case of a security incident.


Third-party security testing

Our applications and infrastructure are periodically tested by best-in-class security organizations. Vulnerabilities and findings are fixed accordingly in order to meet the strict criteria imposed by these organizations. Each cycle of penetration testing is accompanied by an attestation certificate, which we can provide on request.