Last Updated: April 1st, 2023
CareValidate encrypts data at rest and in transit for all of our customers. We use Google Cloud Platform's Cloud Key Management tool to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
CareValidate regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.
CareValidate also uses high-quality static analysis tooling provided by Snyk and GitHub Dependabot to secure our product at every step of the development process. We fix all vulnerabilities as soon as they are detected.
CareValidate uses Google Cloud Platform and Heroku to host our web applications, backend servers, and databases. We make full use of the security products embedded within the GCP system.
As of April 1, 2023 CareValidate is proud to be SOC Type 2 compliant.