Brief technical outline (not on that page, as most people don't "care"):
- SSL for all API endpoints
- No data stored on the phone (unless you send to Health)
- No credentials stored on server (without special case explicit permission)
- Data at rest stored encrypted - but we have the keys
- Automatic security updates nightly, faster for events such as Heartbleed: https://twitter.com/stayinyourprime/status/45370574409788211...
- Threat monitoring software on all production servers and periodic vulnerability scans.
Brief technical outline (not on that page, as most people don't "care"): - SSL for all API endpoints - No data stored on the phone (unless you send to Health) - No credentials stored on server (without special case explicit permission) - Data at rest stored encrypted - but we have the keys - Automatic security updates nightly, faster for events such as Heartbleed: https://twitter.com/stayinyourprime/status/45370574409788211... - Threat monitoring software on all production servers and periodic vulnerability scans.