At Gluroo, we live firsthand with diabetes. As such, we understand that health data is extremely sensitive and requires the utmost care. We’ve built our platform with a “security-first” mindset, voluntarily adhering to the rigorous standards set by HIPAA (Health Insurance Portability and Accountability Act) to ensure your data remains private, secure, and available.
HIPAA Readiness
We have designed our entire platform, policies, and procedures to meet the strict requirements of the HIPAA Security and Privacy Rules.
We treat all user data with the same level of care required for Protected Health Information (PHI). This means that whether you are an individual using Gluroo for personal management or a future enterprise partner, your data is housed in an environment built for compliance.
- HIPAA Standards: We align with the administrative, physical, and technical safeguards outlined in the HIPAA Security Rule.
- BAA Readiness: Our legal and compliance framework is prepared to enter into Business Associate Agreements (BAAs) with healthcare providers and enterprise partners.
Cloud Infrastructure
Gluroo’s infrastructure is hosted on Amazon Web Services (AWS), the leading cloud provider for healthcare and life sciences. AWS maintains strict certification for SOC 2, ISO 27001, and FedRAMP.
- Data Residency: All data is processed and stored within AWS data centers located in the United States. (For GDPR-related questions, please see: gluroo.com/gdpr)
- Physical Security: AWS data centers feature state-of-the-art physical security, including 24/7 surveillance, biometric access controls, and strict “least privilege” staff access.
Technical Security Controls
We employ a multi-layered approach to protect data throughout its lifecycle.
1. Data Encryption
We use industry-standard encryption to protect data both while it is stored (at rest) and while it moves across the internet (in transit).
- Encryption at Rest: All databases, backups, and storage volumes are encrypted using AES-256 (Advanced Encryption Standard).
- Encryption in Transit: Data transmitted between your device (mobile app or web browser) and our servers is encrypted using TLS 1.2+ (Transport Layer Security).
2. Access Control & Authentication
We ensure that only authorized personnel and systems can access data.
- Least Privilege: Our internal access policies follow the Principle of Least Privilege. Engineers and staff are granted access only to the specific resources required for their role.
- Multi-Factor Authentication (MFA): We mandate MFA for all internal staff access to production environments and administrative dashboards.
- Audit Logging: We maintain comprehensive logs of system access and data changes to ensure accountability and traceability.
3. Vulnerability Management
We proactively identify and remediate security risks. If you believe you have found a security vulnerability in Gluroo, please report it to help@gluroo.com.
4. Reliability & Disaster Recovery
We perform automated daily backups of all critical data, which are encrypted and stored in a geographically separate location to ensure data durability.
Employee Training
Security is not only about code. It’s about people, too.
- HIPAA Training: All Gluroo employees undergo annual HIPAA privacy and security training.
- Confidentiality: All staff are required to sign strict confidentiality agreements prior to joining the team.
If you have any other questions or concerns about Gluroo’s security practices, please feel free to reach out to us at help@gluroo.com and we’ll do our best to clarify.