Neura Security Policy

Updated 07.27.2017

SUMMARY

The security of handling End Users' data is extremely important to us. Neura has implemented appropriate technical and organizational measures to protect information against accidental loss, unlawful destruction, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

Neura takes reasonable steps to ensure that any personal information in its possession is accurate, complete, current and reliable for its intended use.

HYBRID ANALYSIS SOLUTION

Neura uses a hybrid analysis solution, prioritizing some of the analysis to our mobile engine located in the SDK, and off-loading other data for processing to Amazon’s S3 infrastructure. Neura uses Amazon’s Virtual Cloud and segmented network to prevent external access.

We store the data in multiple, different types of databases: S3, a relational database, a NoSQL document database and a graph database. The data is distributed over multiple databases, and each database holds only fragments of the data. In addition, sensitive data is hashed or encrypted in order to protect the data itself.

The data is kept in databases for a limited time in order to reduce any large-scale risks. All databases are protected by Amazon security countermeasures, like any other Amazon customer's data.

THIRD PARTY VENDORS AND HOSTING PARTNERS

We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide the Services. These are located outside our offices. We use commercially reasonable physical and technical safeguards to secure your data.

SECURITY VALIDATIONS AND SECURITY PRACTICES

  1. Neura's security management system is certified to ISO 27001.
  2. The Neura solution is hosted on the Amazon EC2 cloud services platform, and all Amazon security groups, security zones and best practices are applied in the servers' implementations.
  3. Neura is HIPAA compliant.
  4. We have signed BAAs with our main service providers, and a BAA with Amazon.
  5. Our Data Center (managed by Amazon Web Services) is SAS 70 Type II certified, SSAE16 (SOC 2) Compliant, and features proximity security badge access and digital security video surveillance. Our server network can only be accessed via SSL VPN with public key authentication or via Two-factor Authentication over SSL.
  6. Additionally, our network can only be accessed via multi-factor authentication, and all access to our web portal is secured over HTTPS using SSL 256-bit encryption.

SERVER AND DATA SECURITY

  1. All Neura application servers and database servers are in data centers managed by Amazon Web Services within the United States. All data center facilities are certified SSAE 16 (SOC 2) Compliant and have 24/7 physical security of data centers and Network Operations Center monitoring.
  2. Physical access to servers is controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Neura employees do not have access to physical server hardware.
  3. Neura employees are able to access servers only via a secured VPN and highly managed access control policies.
  4. Data storage – User’s data is stored as long as the user is in the Neura system. Old historical data is kept for a few months and deleted afterwards.
  5. Users' identifying information is anonymized in the system, and the mobile sensor data and Neura profiles are not attached to personalized identifiers such as phone numbers.
  6. Destruction of server data: Raw data that is more than 90 days old is destroyed. The data may remain in our backup files for up to 12 months, as it is our policy to maintain backups. Daily backups are retained for a minimum of 7 days, weekly backups are retained for a minimum of 4 weeks, and monthly backups are retained for 3 years. Backups are stored in multiple geographic availability zones within Amazon Web Services.
  7. Neura identifies users via phone number or via device ID. This is the unique identifier of the user that is used in authentication.
  8. Neura has a security incident policy to track and control any issues in the network, application or servers.
  9. Issues and downtimes in our system are reported on the status monitoring page https://status.theneura.com/
  10. Neura periodically performs application and network penetration testing and applies all the security countermeasures needed to provide a secure service and solution.
  11. Highly sensitive data is encrypted in Neura applications and servers. We use asymmetric and symmetric algorithms with large keys for data encryption. Key management is regulated by internal encryption policies.
  12. Neura applies all the best practices of secure coding, code review and testing (unit tests, functional tests, regression tests, performance tests and penetration tests).
  13. A Security Committee manages the policies, incidents and security standards at Neura. Each member has clear responsibilities and control functions.

CONTACT

Triinu Magi, Neura’s CTO, is identified as our Security and Privacy Officer.

For information about the data we collect and what we use it for, please review our privacy policy.

For any issues or questions, please contact us at support@theneura.com