Our team has more than 10 years of experience in developing hospital-grade software and data management systems that leverage modern, secure web frameworks.
Your information is fully encrypted, both in transit and at rest using industry-standard SSL certificates and data encryption mechanisms (e.g., AES 256).
You control who sees your data, and what they can use it for. You can choose to share data with other people living with similar conditions, family members, and with researchers worldwide.
Unlike digital and social media platforms, the goal of this effort is to advance science to benefit all people living with rare conditions. We do not market products or services and your contact information will never be shared with third parties.
Track.Health’s infrastructure and applications are hosted in a private networking space in the Amazon Web Services (AWS). Our main servers are located in Sydney, Australia. They are compliant with best-in-class industry security and privacy standards.
Our environments are hosted in workload-specific Virtual Private Clouds (VPCs) in Amazon Web Services – providing a clear separation of concernsbetween production, staging and development. Overall architecture has been attested to follow the AWS Best Architected guidelines, including:
Our team has adopted an Agile methodology in software development, with changes reviewed for performance, audit, and security purposes before being applied to the production environment. Moreover, our fully automated CI/CD pipeline enables us to achieve zero downtime during production releases.
Track.Health has concrete contingency and business continuity plans defined according to the risks analysis performed. In the event of a disaster, the specific contingency plan is ready to enable the continuation of critical business processes while protecting the integrity of the data while an organization operates in emergency mode.
Application, infrastructure and systems logs are stored in a centrally managed repository for monitoring, troubleshooting, security reviews, andanalysis by authorized personnel. Logs are preserved in accordance with regulatory requirements to assist in the case of a security incident.
Our applications and infrastructure are periodically tested by best-in-class security organizations. Vulnerabilities and findings are fixed accordingly inorder to meet the strict criteria imposed by these organizations. Each cycle of penetration testing is accompanied by an attestation certificate – which we can provide on request.