Security & Privacy
We take security seriously. In order to protect our customers, we must first protect ourselves.
Learn about our company security and compliance practices below.
Governance
Dr. Know develops and maintains Security and Privacy policies and controls, guided by industry best practices and frameworks.
Our trusted third-party partner, Vanta, continuously monitors our compliance with these policies and controls via a direct connection to our systems.
Annually, we prove our security and compliance posture to third-party auditors for certification. Dr. Know maintains HIPAA compliance and SOC 2 Type II certification.
Customers can view our compliance status anytime via our Vanta Trust Center.
Data Protection
Data at Rest
Customer data is stored securely within the Microsoft Azure cloud computing environment and is encrypted at rest.
Data in Transit
Dr. Know uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server certificates are managed inside Microsoft Azure.
Secret Management
Customer-specific encryption keys are managed inside Microsoft Azure and are used for encryption and decryption by our API.
Product Security
Dr. Know performs penetration testing at least annually. Our current testing partner is Acunetix, a leading industry expert.
We use the recommendations from these tests to improve, enhance, and patch our products and services appropriately and in a timely manner.
Product updates, issues, and patches are communicated to customers via our online status dashboard.
Dr. Know source code is maintained inside Microsoft Azure DevOps, delivering industry best practices directly to our development tools, processes, and teams.
Enterprise Security
Cloud Native
Dr. Know's products and services are built using cloud-native, Platform-as-a-Service (PaaS) infrastructure. Compared to traditional on-premises and Infrastructure-as-a-Service (IaaS) software architectures, PaaS greatly enhances security as the underlying infrastructure is fully managed by the cloud vendor (Microsoft Azure).
Dr. Know upgrades each component of our technical architecture in accordance with Microsoft's underlying service requirements.
Secure Remote Access
Dr. Know limits and secures remote access to cloud resources using Azure VPN connections.
Security Education
Dr. Know provides comprehensive security training to all employees upon onboarding and annually through educational modules within the Vanta platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. New engineers attend an additional session focused on secure coding principles and practices.
Identity & Access Management
Dr. Know uses Microsoft Azure to secure our cloud identity and access management.
Dr. Know employees, consultants, and vendors are granted access to applications based on their role, and are deprovisioned upon termination of their employment or contract. Further access is approved according to the requirements set for each application.
Vendor Security
Dr. Know uses a risk-based approach to vendor security. Factors that influence the risk rating of a vendor include access to customer and corporate data, integration with production environments, and potential damage to the Dr. Know brand. Once a risk score has been determined, an approval decision for the vendor is made.
Data Privacy
At Dr. Know, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data.
View our Privacy Policy.
View our list of sub-processors at our Vanta Trust Center.
Security Concerns
Are you looking to report a security concern?
Submit your concern via our anonymous Whistleblowing Platform.