Wellness Tracker is a multi-tenant cloud application. We take the responsibility of data security very seriously. The following provides an overview of security features of the application and infrastructure.

Our services and data are hosted in Amazon Web Services (AWS) facilities in the USA. The AWS infrastructure enables us to provide scalable, secure and always available services. Learn more about AWS security here: https://aws.amazon.com/security/

All of our services are logically isolated within our own Virtual Private Cloud (VPC) on AWS with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.

We utilize CloudFlare for both DDOS and Web Application Firewall protection.

We use 2-factor authentication (2FA) and strong password policies to ensure access to our cloud services is protected.

Users access the Wellness Tracker cloud environment over the internet from a web browser or mobile device via an encrypted Transport Layer Security (TLS) HTTPS connection.

We store the minimal necessary customer information needed to provide our services.

Customer data is stored in a multi-tenant database and we have strict privacy controls within our application code to ensure that one customer can not access the data of another.

Access to customer data is limited to only authorized employees who require it for their job role.

Data is backed-up and replicated across multiple zones within the AWS infrastructure.

Users authenticate with Wellness Tracker using a unique password that is one-way encrypted and never stored in clear text.

All access activity to Wellness Tracker is logged, and the logs are retained for at least one year.