Security & Privacy at Dr. Know
We take security seriously. In order to protect our customers, we must first protect ourselves.
Learn about our company security and compliance practices below.
Dr. Know develops and maintains Security and Privacy policies and controls, guided by industry best practices and frameworks.
Our trusted third-party partner, Vanta, continuously monitors our compliance with these policies and controls via a direct connection to our systems.
Annually, we prove our security and compliance posture to third-party auditors for certification. Dr. Know maintains HIPAA compliance and SOC 2 Type II certification.
Customers can view our compliance status anytime via our Vanta Trust Center.
Customer-specific encryption keys are managed inside Microsoft Azure and are used for encryption and decryption by our API.
Data in Transit
Dr. Know uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server certificates are managed inside Microsoft Azure.
Data at Rest
Customer data is stored securely within the Microsoft Azure cloud computing environment and is encrypted at rest.
Dr. Know performs penetration testing at least annually. Our current testing partner is Acunetix, a leading industry expert.
We use the recommendations from these tests to improve, enhance, and patch our products and services appropriately and in a timely manner.
Product updates, issues, and patches are communicated to customers via our online status dashboard.
Dr. Know source code is maintained inside Microsoft Azure DevOps, delivering industry best practices directly to our development tools, processes, and teams.
Dr. Know's products and services are built on cloud-native, Platform-as-a-Service (PaaS) infrastructure. Compared with traditional on-premises and Infrastructure-as-a-Service (IaaS) architectures, PaaS improves our security posture because the underlying infrastructure is fully managed and maintained by the cloud vendor (Microsoft Azure).
Dr. Know upgrades each component of our technical architecture in accordance with Microsoft's underlying service requirements.
Secure Remote Access
Dr. Know limits and secures remote access to cloud resources using Azure VPN connections.
Dr. Know provides comprehensive security training to all employees upon onboarding and annually through educational modules within the Vanta platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. New engineers attend an additional session focused on secure coding principles and practices.
Identity & Access Management
Dr. Know uses Microsoft Azure to secure our cloud identity and access management.
Dr. Know employees, consultants, and vendors are granted access to applications based on their role, and are deprovisioned upon termination of their employment or contract. Further access is approved according to the requirements set for each application.
Dr. Know uses a risk-based approach to vendor security. Factors that influence the risk rating of a vendor include: access to customer and corporate data, integration with production environments, and potential damage to the Dr. Know brand. Once a risk score has been determined, an approval decision for the vendor is made.
Are you looking to report a security concern?
Submit your concern via our anonymous Whistleblowing Platform.