We are committed to protecting your personal data and the personal data of your clients. We have implemented several security measures to keep your data safe. The following information highlights some of these measures.
LabSmarts is a cloud-based service hosted entirely on Amazon Web Services (AWS). All of your data is stored on AWS servers located within the United States.
We are fully compliant with HIPAA and GDPR regulations.
We have a Business Associate Addendum (BAA) with AWS relating to our HIPAA compliance that is available upon request. Contact us if you have specific concerns about regulations outlined by your governing body.
The section below shows our approach to meeting key regulatory compliance needs.
Encryption of Data at Rest
We encrypt and store all data on our servers, including logs and backups, using AES 256-bit encryption.
Encryption of Data in Transit
We use AES 256-bit encryption, along with TLS 1.2, when transferring your data to and from our servers. This encrypts your data both between your browser and our servers and between our servers and other internal networks.
AWS is an SSAE 18 provider that utilizes industry-leading security tools and best practices for managing and maintaining the security of the servers that store your data.
All network requests, successful and unsuccessful, are logged.
All log data is encrypted and unified, enabling secure access to full historical network activity records.
Network and host assessments are run weekly to check for security exposures and vulnerabilities.
All data is backed up daily. Thirty (30) days of rolling backups are retained.
Minimum Necessary Access
Access controls always default to no access unless overridden manually.
Payments made through our website are processed in a PCI-compliant manner. We process subscription payments via Stripe, which is a PCI Level 1 Service Provider.
Learn more about Stripe’s PCI compliance: https://stripe.com/docs/security
Security of Your Password
Browser Password Security. We do not persist your password in your browser’s cache. We use secure cookies with limited lifespans. You will be asked to re-enter your login credentials if your session is idle for the allotted timeout period.
Password Storage. We do not store your password in plain text. Your password is encrypted, and only you know what it is. If you forget your password, you will have to reset it from the sign in page.
Suggestions for Keeping Your Account Secure.
Never share your username or password with anyone. It is against our policy to share your account information and have anyone other than you using your account.
Always sign out when you are finished using the service.
Choose a strong password that follows our password strength policy: a minimum length of 8 characters, 1 number, 1 special character, 1 uppercase letter, and 1 lowercase letter.
If you have general inquiries, questions, concerns, or comments about this Data Security Policy, please contact us using the contact form below.