At bosWell, we are committed to security and privacy, for you and your clients. We understand how crucial your clients’ trust is, and we're committed to implementing the best practices to ensure your data’s safety.
Data Protection
End-to-End Encryption in Transit: All communication to and within bosWell’s app is secured with end-to-end encryption via Transport-Layer-Security (TLS), ensuring your data remains private and secure as it moves from one point to another.
Encrypted Data at Rest: Your stored data benefits from encryption-at-rest with AES-256, block-level storage encryption, which means even if a malicious actor could access the physical storage, the information remains inaccessible without the decryption key.
Platform Security
Hosting and Infrastructure: Our application is hosted on Heroku, and Amazon Web Services, leading cloud platforms with stringent physical and digital security measures, including regular patching of server and database software to prevent vulnerabilities.
Web Application Security: We follow best practices for web application security, safeguarding against common web application vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Authentication and Access Control
Hyper-Secure Authentication with Auth0: Our app uses industry-leader Auth0 by Okta for login and SSO, which is ISO27001, ISO27018, and SOC II Type 2 compliant.
Password Policies and Brute-Force-Protection: Our application ensures that passwords meet a minimum-standard of complexity, and protects against attempts to guess them.
Role-based Access Control (RBAC): Users are assigned roles that dictate what actions they can perform, ensuring that every user only has access to the features and data they need.
Automated Code Auditing
Secure software and dependencies: We continuously monitor for Common Vulnerabilities and Exposures (CVEs) and Github originated security advisories.
Secure lifecycle: We run static analysis security vulnerability scanners and follow OWASP best practices to maintain a secure environment and implement a secure software development life cycle (SDLC).
Data Backup and Recovery
Continuous Backups and disaster recovery: Our data is continuously backed up by Heroku and can be rolled back to a given minute within the last four days.
Daily backups: We take automatic daily backups of our data that are retained indefinitely.
Privacy - How We Use Your Data
Data Usage Policy: We do not share individualized, identifiable data with other entities without each client’s (i.e. the individuals you serve whose data are entered into the Boswell system) explicit consent. Clients can consent to sharing their data with Boswell, its healthcare partners, and other social service organizations; in that case, individual, identifiable data may be shared for the purpose of supporting a client’s health and social needs. We may share aggregate data free of identifying information for the purpose of research or healthcare improvement. We do not use your data to market third-party services to your clients. See our license agreement for more when you set up your account.
Continuous Improvement
Continuous monitoring: We automatically screen for phishing and malware, and keep our team updated on key security habits.
Feedback We value feedback from our user community and the broader security community. If you have security concerns or suggestions, please contact us at support@boswell.io.