At Hi Rasmus we are determined to prioritize security. Our infrastructure and the services running on it are designed to keep your data safe. We have a set of well-defined processes in place to ensure that all the data we collect is kept safe and managed according to HIPAA and GDPR regulations.
Hi Rasmus believes strongly in transparency. As a customer at Hi Rasmus, you have full insights into what we store, where we store it and how we manage it. We are happy to elaborate on any questions you might have regarding our security.
A secure platform
All data is encrypted both in transit and at rest. Database instances, including read replicas and backups are encrypted using the industry standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit. Our databases are hosted on Google Cloud Platform infrastructure, using Multi-AZ deployment for enhanced availability and durability. Only secure (HTTPS) access to Hi Rasmus website and app is enabled. As such, all non-secure HTTP requests are redirected for the HTTPS endpoint before they can be served.
Role based access control
Hi Rasmus has implemented a role based access control for resources authorization management. Each user is identified with a unique session and the user authorization scope is defined by the role associated with the user. Organization admin users can create and update roles and assign them to users, and full overview of which users have access to what.
Hi Rasmus uses Google Auth authentication protocol for user authentication.
Cloud Computing Services
Hi Rasmus uses Google Cloud Platform (GCP) for hosting and compute power of our application. GCP demonstrate SSAE-18 SOC 1, 2 and 3, ISO 27001 reports and certifications as well as HIPAA compliance. Application web servers and databases run on servers in secure data centers located in Europe. Data centers outside Europe will only be used if explicitly required by a client. Read more about Google Cloud Platform Security and Certifications.
The Hi Rasmus website is hosted by Bluehost. The website and other cloud computing services managed by Bluehost does not store, transmit or process any client- or patient information.
To maintain a robust disaster recovery strategy, Hi Rasmus uses Google Cloud Platform automated backups which allows us secure backups as well as quick recovery. We test our backup recovery regularly.