Your data is safe with us
Our security standards
We’ve implemented a comprehensive set of information security and privacy policies and processes that meet the industry’s highest standards. HALEO is compliant with:
- AICPA SOC 2® - SOC for Service Organizations: Trust Services Criteria*
- ISO 27001:2013 (information security management standard)
- Health Insurance Portability and Accountability Act (HIPAA)
* The AICPA SOC 2 report covers the security, confidentiality, and availability trust service criteria and is available upon request.
Data centre security
The HALEO platform is hosted in Canada by MedStack, a public cloud infrastructure provider dedicated to medical data. MedStack regularly undergoes third-party validation against global compliance requirements, including AICPA SOC 2®, ISO 27001 and HIPAA.
Stored data is encrypted at rest with AES-256. Network traffic between client browsers, mobile apps and our servers is encrypted in transit using TLS 1.2. We do not process or store credit card information; payments are handled by Stripe, a PCI DSS Level 1 certified payment platform.
We regularly scan our application and infrastructure for vulnerabilities and perform external penetration testing on a biannual basis. Our security incident response team (SIRT) investigates and responds to security events reported by internal and external sources.
If you have reason to believe you have identified a security issue in our mobile application or website, please contact firstname.lastname@example.org and include a proof of concept, the tools used and the steps to reproduce it.
Pre-approved security researchers whose reports are deemed critical may receive a bounty. Tests performed by researchers who have not been pre-approved are not eligible for bounties.