SECURITY INFORMATION

​

Last Modified: July 26, 2023

​

MemoryWell is committed to meeting and exceeding HIPAA data privacy and security requirements. Our Information Security Management Program (ISMP) is a comprehensive set of policies, procedures and technical controls that drives secure practices into all aspects of our business, including recruiting, vetting, training, operating, and auditing our secure platform.  We leverage industry best practices for addressing HIPAA requirements, and we work with third-party auditors to regularly obtain SOC 2 Type II reports validating our security posture. 

​

Data Security

MemoryWell encrypts data that is at rest and in transit for all of our partners. We use tools such as Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices. 

​

Application Security

MemoryWell utilizes some of the industry’s best application security experts for third-party penetration tests. By performing penetration tests, we are able to evaluate the source code, running application, and the deployed environment. MemoryWell uses high-quality static analysis tooling provided by GitHub Advanced Security to secure our product at every step of the development process. 

​

Infrastructure Security

MemoryWell uses Amazon Web Services to host our applications. 

MemoryWell utilizes Vanta as a monitoring tool for security of data, people, devices and vulnerabilities.