Security
The security of your personal information is paramount to Medic Scanner. We understand that your profile in the app may contain sensitive personal information. That's why we strive every day to implement best practices and industry standards.
Legal Compliance: Medic Scanner endeavors to ensure the security and confidentiality of personal data in accordance with the EU General Data Protection Regulation and other laws.
Third-party audits: We systematically conduct audits to verify and strengthen our internal security processes and policies, using well-known third-party auditing agencies.
Physical and environmental security: Medic Scanner applies the highest industry standards for physical, environmental and hosting security controls. Medic Scanner data centers operated by DigitalOcean use the latest architectural and engineering solutions.
Product safety
Servers and networks - Production environments are hosted on DigitalOcean. DigitalOcean is a service that assists us in creating a secure, efficient, resilient and robust infrastructure for our application. DigitalOcean's data centers are designed to be secure and are SOC 2 Type II and SOC 3 Type II certified. All of our production servers are immutable and continuously updated systems supported by the Docker platform. We also use additional DigitalOcean services such as VPC (Virtual Private Cloud), infrastructure with multiple DigitalOcean accounts, and DOKS (DigitalOcean Kubernetes). We use HTTPS with TLS (Transport Layer Security) encryption for secure network communication.
Encryption - We use Spaces access keys to create and manage keys and control the use of encryption across the spectrum of DigitalOcean services and in our application.
Storage - Medic Scanner stores all data such as metadata, activity, original files and customer data in different locations. All data stored at each location is encrypted.
Sensitive end-user data is removed from records, and IT specialists employed by Investment Analytics Sp. z o.o. do not have access to this data.
Separate environments - The production network is a separate environment from other boot, development and infrastructure environments. Each environment is located on a separate DigitalOcean account on separate VPC networks.
Customer payment data - Payments are processed by the App Store and Google Play, which are entirely responsible for the security of payments. Medic Scanner does not store any payment card data.
Designed for security - Medic Scanner's IT professionals use the best programming techniques in line with industry standards, such as documenting development work and quality assurance processes. In line with security principles of confidentiality, integrity and availability, we design our application in a way that reduces the risk of vulnerability to errors.
Tiers of service and backups - Medic Scanner's infrastructure uses tiered technologies to increase reliable uptime, including auto-scaling, load balancing, job queuing and continuous deployment. We automatically perform full daily backups of our databases. All backups are encrypted.
System monitoring and warnings - Special monitoring systems control the operation of the Medic Scanner production application and its core infrastructure components 24 hours a day, 7 days a week, 365 days a year. Critical error warnings generated by the system are sent to those responsible for the service, who are on standby at all times, and are escalated to operations managers accordingly.
Vulnerability (penetration) tests - Medic Scanner conducts regular penetration tests performed by industry-leading cyber security experts on network, infrastructure and application level configurations. Vulnerability testing involves the use of well-known web application security tools and scanners to detect application vulnerabilities before deployment to production.
Incident Response and Data Security Breach Notifications - In accordance with international regulations and guidelines, Medic Scanner has defined a process that describes the actions taken when information about any event defined as an Incident, including a data security breach, becomes known.
Security as part of Medic Scanner's corporate culture - Employees and associates of Investment Analytics Sp. z o.o. receive training on security and the performance of their duties related to maintaining data security, in accordance with relevant regulations, procedures and agreements, at least once a year. Medic Scanner's security team continuously monitors, updates, tests and improves corporate security policies and data protection programs.