At Hi Rasmus we are determined to prioritize security. Our infrastructure and the services running on it are designed to keep your data safe. We have a set of well-defined processes in place to ensure that all the data we collect is kept safe and managed according to HIPAA and GDPR regulations.

Hi Rasmus believes strongly in transparency. As a customer at Hi Rasmus, you have full insights into what we store, where we store it and how we manage it. We are happy to elaborate on any questions you might have regarding our security.

A secure platform

Encryption
All data is encrypted both in transit and at rest. Database instances, including read replicas and backups are encrypted using the industry standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit. Our databases are hosted on Google Cloud Platform infrastructure, using Multi-AZ deployment for enhanced availability and durability. Only secure (HTTPS) access to Hi Rasmus website and app is enabled. As such, all non-secure HTTP requests are redirected for the HTTPS endpoint before they can be served.

Application Security

Role based access control
Hi Rasmus has implemented a role based access control for resources authorization management. Each user is identified with a unique session and the user authorization scope is defined by the role associated with the user. Organization admin users can create and update roles and assign them to users, and full overview of which users have access to what.

User Authentication

Hi Rasmus uses Google Auth authentication protocol for user authentication.

Infrastructure Security

Cloud Computing Services
Hi Rasmus uses Google Cloud Platform (GCP) for hosting and compute power of our application. GCP demonstrate SSAE-18 SOC 1, 2 and 3, ISO 27001 reports and certifications as well as HIPAA compliance. Application web servers and databases run on servers in secure data centers located in The United States, Canada, Europe and Australia. We only store data within the region of the individual customers. Read more about Google Cloud Platform Security and Certifications.

Website
The Hi Rasmus website is hosted by Strattic. The website and other cloud computing services managed by Strattic does not store, transmit or process any client- or patient information.

Backups
To maintain a robust disaster recovery strategy, Hi Rasmus uses Google Cloud Platform automated backups which allows us secure backups as well as quick recovery. We test our backup recovery regularly.

.