Security Policy

Last revised on April 2020

At Wellness360, user data security and privacy policies are taken very seriously. We adhere to all the required security measures to protect customer data and comply with HIPAA regulations and other legal guidelines.

Security Team

Wellness360's security team works 24 x 7 to constantly monitor all the third-party software and other security notifications. All the security applications and infrastructure are observed and controlled through a secure development process, ensuring maximum security to customer data.

Security Infrastructure

The entire data application and security application of Wellness360 are hosted on Amazon Web Services (AWS). The AWS cloud computing platform is highly scalable with in-built privacy and comprehensive security features. Our security infrastructure is built with features that are prepared for disaster recovery and error tolerance. Only the required support and operations team is granted access to the virtual cloud system to ensure maximum security.

For more details about Amazon Web Services (AWS) security, refer -https://aws.amazon.com/security/

Operation Time

Wellness360 aims for a 99% operation uptime. To support this, our security monitoring and logging systems are employed outside AWS with a multitude of tools that help in accurate monitoring and analysis of any possible anomalies that can impact our services and the security of customer data.

Data Center

All the data is stored in AWS infrastructure that is housed securely in data centers controlled by Amazon. These data centers are secured by Amazon and they have many controlling measures to avoid any kind of unauthorized access. Only Amazon employees who are supposed to have legitimate information about data storage are aware of the data center location. As Amazon services are very reliable and have better physical security measures, we leave our data protection operations with them.

Web Application Security

Along with implementing automated and manual analysis, our support and operations team keeps monitoring the security review constantly to prevent any security defects and deliver our corporate wellness services well.

Our web applications use high data encryption tools to ensure none of the communications can be viewed by any third party. Also, all the data is stored only in secure data centers, and none of the data is stored locally.

  • Data Encryption - All the entered and stored customer data is encrypted, including API keys, email addresses, passwords, and other third-party app keys.
  • Authentication - Our Enterprise plan users are provided with optional authentication access via any SAML-compatible Identity Provider.
  • Company-specific data is separated logically into different data tiers based on the access, roles, and permission levels to the application.

Operational Practices

Wellness360 strives to offer the best corporate wellness services along with a thriving support system that is available around the clock for our clients. In order to have a 99% operation uptime, we carry on an array of operational services –

  • Perpetual infrastructure - Any required changes in the infrastructure or our software configuration are done through a standard code review, automated testing, and deployment. None of the changes will be carried on for a live code or on servers that are actively running in production.
  • Constant integration and deployment - We employ automated integration and deployment processes that are constantly monitored for quick delivery. The configuration tools and code are continuously tested and deployed, whenever needed.
  • Quick Response - Our operations and support team is available 24 x 7, and they will respond to any security or infrastructure concerns at the earliest.
  • Security audits - We conduct regular security audits to check the full network and system information for any possible vulnerability, which is then resolved at the earliest. Our clients can request to check the reports of the latest audit to warrant our security measures.