Security Policy

Data Protection & Encryption

Data at Rest

We use the Advanced Encryption Standard (AES) 256-bit encryption to store your data, providing a level of security in line with leading US financial institutions.

Data in Transit

MedProcure, LLC, strictly enforces the use of the Transport Layer Security (TLS) 1.2 encryption protocol when logging in or accessing any web application or service that deals with and/or transmits your personal information. This protocol not only ensures the secure transmission of your data, but also confirms the authenticity of our site.

Data Storage

In partnership with our colocation service provider, we host all our production applications and databases in a secure environment that meets the highest standards of data security and access controls.

Data Ownership

We promise never to share, sell, or transfer any of your details or the data you store using our services without your explicit consent, unless our privacy policy states otherwise. Refer to our Privacy Policy to learn more.

Data Deletion

Your account, your control. If you request to delete your account, we assure the complete and irreversible removal of all data and documents associated with your account, including security backups, within 35 days from your request.

Identity Management & Authentication

We require complex passwords, stored using a non-reversible hash. To ensure additional security, we automatically log out users after a period of inactivity.

Sensitive Information Handling

At MedProcure, we never store credit card information, and we do not collect Social Security numbers. We avoid collecting HIPAA-scoped data whenever possible. However, some of our products might require the collection of some health information.

Certifications

SOC 2

MedProcure is in the process of completing a Type 1 Service Organization Control 2 (SOC 2 Type I) audit, as confirmed by an independent CPA report and certification. We are on track to receive our SOC 2 Type II certification by the first quarter of 2024, demonstrating our commitment to rigorous information security policies and procedures.

Third-party support

For comprehensive security management, we work with Kobalt to ensure round-the-clock security monitoring and incident response, thereby maintaining the safety and integrity of your data.

Reporting

In the event of a system outage, we have implemented measures to maintain data security and robust disaster recovery and business continuity plans. If you identify a security issue affecting MedProcure or our users, we encourage you to report it to us at information@medprocure.com. We welcome any other security concerns as well - your safety is our priority.