HALEO services are completely private and safe. We ask for your data for a better assessment of your situation. To understand how we collect and manage your data, please consult our Privacy Policy.
Our security standards
We’ve implemented a comprehensive set of information security and privacy policies and processes that meet the industry’s highest standards. HALEO is compliant with:
 |
AICPA SOC 2® - SOC for Service Organizations: Trust Services Criteria* |
 |
ISO 27001: 2013 Information security standard |
 |
Health Insurance Portability and Accountability Act |
* The AICPA SOC 2 report covers the security, confidentiality, and availability trust service criteria and is available upon request.
Data centre security
The HALEO platform is hosted in Canada by MedStack, a public cloud infrastructure provider dedicated to medical data. MedStack regularly runs third-party validations for global compliance requirements, including AICPA SOC 2®, ISO 27001, and HIPAA
Data encryption
We use AES 256-bit encryption to secure stored data. Network traffic between client browsers, apps, and our servers is encrypted using TLS 1.2. We do not process or store credit card information. Instead, we use Stripe, a certified PCI-DSS Level 1 payment platform.
Security tests
We regularly scan our application and infrastructure for security breaches. We perform external penetration testing on a biannual basis. Our security incident response team (SIRT) investigates and responds to security events reported by internal and external sources.
If you have reasons to believe that you have identified a security issue involving our mobile application or website, please contact security@haleoclinic.com and include a proof of concept, the tools used, and the steps to reproduce it.
If you’re a pre-approved security researcher whose report is deemed critical, you may receive a bounty. Unapproved security researchers’ tests will not receive bounties.