Effective May 25, 2018
While Nudge acknowledges that no Security Measures can guarantee with 100% certainty the security of Personal Data, we are committed to implementing technical and organizational safeguards to limit the risk of privacy or security breaches to the best of our ability.
Infrastructure and Hosting
The Nudge Applications and infrastructure are hosted on HIPAA-compliant secure cloud servers managed by Armor and Amazon Web Services (AWS) that also meet all security requirements under the GDPR.
To learn more about our hosting partners’ commitment to data security follow the links below:
Armor Security: https://www.armor.com/cloud-security-faq
AWS Security: https://aws.amazon.com/security
Nudge maintains the privacy and security of End User protected health information (PHI) as defined by HIPAA, and Personal Data and Data Concerning Health as defined by the GDPR, by ensuring that that data is secure both at rest and in transit.
Security At Rest
The following safeguards are implemented and maintained by Nudge and its hosting partners at all times to ensure the security of data “at rest”:
Up-to-the minute security patches and updates.
Real-time threat detection and response.
Physical isolation and security of server hardware.
System-wide authentication and authorization to ensure that all End User Personal Data is only accessible to the appropriate Customer Representatives.
Each individual user of the Nudge Apps is provided controls to allow the End User to audit which Customer Representatives may have access to their data, and may choose to revoke that access at any time.
All users (Data Subjects) have the right to request full deletion of their Personal Data from our systems at any time by submitting the request to our support team at firstname.lastname@example.org.
Security In Transit
At times, such as while in-app messages are sent between a Customer Representative and an individual End User, data in Nudge including PHI, Personal Data and Data Concerning Health may also need to be secured while “in-transit”.
Nudge and its hosting partners maintain the security of data in-transit by ensuring that all in-transit data is encrypted over HTTPS using gold-standard RSA encryption at all times.
Nudge supports TLS encryption on all inbound and outbound email to ensure and maintain the security of Customer interactions through email. To learn more about the details of email encryption, please reference this guide from Google.
Nudge ensured the implementation and maintenance of physical safeguards at all data centers and office locations including, but not limited to (i) locked doors, (ii) key card facility access, and (iii) device security controls.
Nudge promotes a culture of compliance by requiring all employees to complete annual HIPAA and GDPR trainings, and adhere to our compliance policies and procedures at all times.
Nudge has appointed a Data Protection Officer (DPO) to oversee the maintenance and enhancement of technical and organizational security and privacy measures. If you have questions about these Security Measures, you can get in contact with our DPO by email a question to email@example.com.