Your Privacy and Data Security Matters
Your personal health, medical and emergency contact details are sensitive and private information, and we’ll keep it that way. CareMonkey is a secure site, designed with privacy and security as our highest priorities. We apply stringent processes to keep your data safe throughout design, development, testing and day-to-day operations.
- CareMonkey will NEVER share or rent your data to anyone without your consent.
Account and Password Protection
- Your account is always password (or fingerprint) protected, and we utilize strong password policy and non-reversible hashing for storage of the password.
- You have the additional security option to enable Two-Step Verification (also known as Two-Factor Authentication), which prevents anyone from accessing your account without possessing your physical device.
- The security sub-layer is capable of detecting an anomaly within the system to proactively prevent malicious activities and alert our security staff.
- CareMonkey will always notify you by email when your account has been accessed from a new device.
- CareMonkey uses military level security – the highest standards in Internet and data security.
- Data is always encrypted at rest and in transit.
- Our security layers include strong cryptographic implementations (such as 256-bit encryption, 128-bit data encrypted SSL systems using Advanced Encryption Standards) and defense-in-depth network protection (with multiple firewalls, intrusion prevention appliances, and active monitoring systems).
- CareMonkey has an ongoing security and compliance program that includes penetration testing, vulnerability testing and third-party code reviews.
- CareMonkey’s network is designed with security in mind. This includes intrusion detection firewalls and monitoring.
- CareMonkey regularly conducts penetration testing and threat modelling to ensure our network is properly secure and up-to-date.
Security monitoring and optimisation
- CareMonkey actively monitors to detect intrusions into our system, and hires security experts to conduct periodic security reviews and vulnerability assessments.
- CareMonkey continuously optimises its security infrastructure, both within the application code and across our network/system platform.
Mobile Data Security
- The CareMonkey App is registered on a device using your unique username and password. A second-factor code or fingerprint is then required to access data.
- Data is only accessible by authorised users with that unique username and password.
- All data transfer is handled over SSL secure connections. CareMonkey uses an “Extended Validation” SSL site certificate so that users can be sure they are talking to CareMonkey when accessing the data.
- When the CareMonkey App is accessed on a mobile device or tablet, the data is stored in an encrypted format to give authorised users access to emergency information, even when they are offline or outside mobile range.
- Data that is stored on your device automatically expires and is deleted from local storage after a set period of time, unless authorized users re-synchronise with the server.
- Data that is no longer authorised is automatically deleted from local storage.
Infrastructure and Hosting
- CareMonkey’s physical infrastructure is hosted and managed within Amazon’s secure data centers, utilising Amazon Web Services (AWS) technology.
- AWS data centers are state of the art, utilising innovative architecture and engineering approaches. AWS provides a highly reliable, scalable and secure infrastructure platform that powers hundreds of thousands of businesses in 190 countries across the world.
- Your data is stored on servers in your region, and will never be stored outside of that region:
  - Asia Pacific User data is stored in Australia (Sydney)
  - European User data is stored in Ireland (Dublin)
  - United States User data is stored in the United States (California)
- CareMonkey backs up your data in the same region every hour.
Disaster Recovery and Business Continuity
- CareMonkey’s physical infrastructure is hosted and managed within Amazon’s secure data centers, utilising the redundant services of Amazon AWS. AWS provides a highly reliable, scalable and secure infrastructure platform designed to tolerate system or hardware failures with minimal impact.
- The CareMonkey System consists of various service components that are all load balanced across multiple redundant instances. This ensures that any single hardware or data centre failure does not impact the delivery of our services. In addition, by hosting our servers in the AWS data centers, we take advantage of Amazon’s redundant power, environment and internet connectivity systems.
- Our databases are provisioned using Amazon’s RDS service, which gives us the ability to do point-in-time recovery. CareMonkey periodically tests its Disaster Recovery Plan by practicing starting new instances and restoring databases within the AWS infrastructure. Any hidden or unknown dependencies found during these tests are identified and logged for remediation.
- CareMonkey’s business continuity plan also takes into account the continued operation of CareMonkey’s head office in Melbourne, Australia, and the availability and backup of key staff required for continued delivery of our service.
Security and Privacy Compliance
- AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals including ISO 27001, FedRAMP, DoD CSM, and PCI DSS.
- AWS is fully compliant with applicable EU data protection laws, and the AWS Data Processing Agreement incorporates the Article 29 Working Party Model Clauses. This means that users wishing to transfer personal data from the European Economic Area (EEA) to other countries can do so knowing that their content in AWS will be given the same high level of protection it receives in the EEA.
- CareMonkey has implemented a robust information security and privacy program in accordance with relevant industry standards and required regulations, including HIPAA and FERPA.
- In the event of a suspected data breach, CareMonkey has a Critical Incident Response Team (which includes our Data Protection Officer, Developers, and Senior Management), and a Data Breach Policy Notification and Incident Response Plan that is reviewed annually.
- CareMonkey is a signatory of the Student Privacy Pledge, which is a commitment to safeguard student privacy regarding the collection, maintenance, and use of student personal information.