What happens with your medical data is critical, right? We think so. Oh, and it’s the law that we take it seriously, too! So, of course, we keep it safe, private, and secure.
However, we receive questions about data security and privacy often enough that it makes sense to write a quick blog post about it.
“Is my data kept private?”
Personal data is information that could be used to identify you as a person. In the case of mySugr, it’d be data identifying you as someone living with diabetes. Which is really private.
By offering a mobile app, a company can make money in several ways: selling data, advertising, or charging a fee. Please be aware that an app can never be completely free. We don’t offer our products for free either. You pay to use the best features we have. We make money by either charging you, by partnering with companies that sponsor you or by having insurance pay for the service – your data is never part of the equation.
Also worth thinking about is who at mySugr can access your data. Out of more than 40 people working at mySugr, only a handful of people can access our database: our CTO, the database administrators, and one backup administrator. Every interaction of these people is logged – who did what, when and how. We keep track of everything that happens. But why access the data at all? If you need help with something, we need to be able to find out what’s going on. We also need to see that people are safe and what we need to improve in our product. To learn this, we only look into statistics – never your data.
“So, where is my data?”
In the cloud – a very safe place. To serve more than a million mySugr users, we use Amazon Web Services (AWS). They are not only a world-leading shopping portal, but one of the big ones in providing infrastructure – next to Google, IBM, and Microsoft. We rent parts of their hardware and data centers around the globe to host our websites and databases. Your data is kept safe, and the centers are secure. They are even protected by guards. The AWS-service is compliant with a heap of guidelines, standards, and certificates – take a look here for more details.
Geography is important too; as we cannot simply push medical data between continents. If you’re living in the EU, we keep the data in the EU (Ireland). If you registered in the US, we keep your data in the US, etc…
Unless you explicitly ask us to move it, it’ll stay where it is. Period.
“Is my data secure?”
In addition to the safe handling of it server side, we also implement encryption of data transfer using the same class as a good bank would do. We follow the standard practices of the industry. Our security is not limited just to the technical infrastructure, but also all who work at mySugr. The servers and other critical items can only be accessed by those who have an explicit need to do so. Laptops and devices of everyone who works for mySugr are encrypted and reviewed on a regular basis. The list of measures goes on and on.
But. The security of the data on your phone also depends on… YOU! Yep. You. So head over to our post on how to use your smartphone smartly to find out what you can do to ensure your data is safe and sound.
This post is by no means a complete list of all the things we do in order to protect your privacy and data. We do hope though that you now have a better understanding of how we make diabetes suck less – and that your safety always comes first!