
Server Infrastructure Level
At the server infrastructure level, we rely on bare-metal private Linux clouds from PhoenixNAP, Performive, and OVH. Our data centers have completed SOC 2 audits.
Hosting & CDN Level
At the hosting level, we rely on Rocket.net's network. Rocket.net is integrated with the Cloudflare Enterprise content delivery network, which provides systematic defenses against security threats without sacrificing performance.
Application Level
At the application level, we not only enforce all standard security practices, but also implement redundant layers of security protection.
- TLS (SSL) encryption, end to end from the origin server to each user's browser, is required to access every site page.
- Multi-factor authentication is mandatory for ALL user logins, regardless of plan type.
- On a client-by-client basis, IP address ranges for entire countries outside our service area (Russia, China) are blocked.
- Electronically signed contracts are stored in encrypted database tables. PDF copies of e-signed contracts are generated on demand and are NOT stored on the server.
- File uploads (files users upload):
  - Nginx server rules prevent direct access to any private file uploaded to the server. As a redundant measure, each file is stored at a unique location generated from a dynamic hash.
  - Application-level file access rules:
    - File download URL hash keys (different from the storage-location hashes above) mask the real server storage location of uploaded files.
    - Even if an individual holds the unique URL hash key for a secure file download, the request is only served if the user is (i) logged into the same active subscription account as the uploader AND (ii) authenticated with multi-factor authentication.
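To make the file-upload rules above concrete, here is an added Python model of that design. It is illustrative code written for this page, not Health-Contract.com's application code, and the path `/var/app/private-uploads`, the `Session` and `StoredFile` shapes, and the `FileVault` class are all assumptions. It shows the two independent random values (one for the on-disk location, one for the download URL), and the authorization check that denies a download even when the caller presents a valid URL key but is not logged into the uploader's account or has not completed multi-factor authentication.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Hypothetical directory that the web server (Nginx in the setup described
# above) is configured never to serve directly; only the application reads it.
PRIVATE_UPLOAD_DIR = "/var/app/private-uploads"


@dataclass(frozen=True)
class Session:
    """What the application knows about the requester (assumed shape)."""
    user_id: str
    account_id: str      # the active subscription account
    mfa_verified: bool   # second factor completed for this login


@dataclass(frozen=True)
class StoredFile:
    storage_name: str    # random on-disk name, never exposed to users
    owner_account: str   # subscription account of the uploader
    original_name: str


class FileVault:
    """Keeps storage locations and download keys as separate secrets."""

    def __init__(self) -> None:
        self._files: Dict[str, StoredFile] = {}      # storage_name -> record
        self._download_keys: Dict[str, str] = {}     # download key -> storage_name

    def store(self, uploader: Session, original_name: str, data: bytes) -> str:
        """Record an upload and return the key to embed in its download URL."""
        # Two independent random values: knowing the URL key reveals nothing
        # about where the bytes live on disk, and vice versa.
        storage_name = secrets.token_hex(32)
        download_key = secrets.token_urlsafe(32)
        # A real deployment would write `data` to the path below; this model
        # only records metadata so that it runs offline.
        _path = f"{PRIVATE_UPLOAD_DIR}/{storage_name}"
        self._files[storage_name] = StoredFile(
            storage_name, uploader.account_id, original_name
        )
        self._download_keys[download_key] = storage_name
        return download_key

    def authorize_download(
        self, session: Optional[Session], download_key: str
    ) -> Tuple[bool, str]:
        """Apply both rules: same active account as the uploader AND MFA done.

        Returns (True, private_path) on success, otherwise (False, reason).
        The private path is for the application to stream; it is never sent
        to the browser.
        """
        storage_name = self._download_keys.get(download_key)
        if storage_name is None:
            return False, "unknown download key"
        record = self._files[storage_name]
        if session is None:
            return False, "not logged in"
        if session.account_id != record.owner_account:
            return False, "not the uploader's subscription account"
        if not session.mfa_verified:
            return False, "multi-factor authentication not completed"
        return True, f"{PRIVATE_UPLOAD_DIR}/{storage_name}"


def demo() -> Dict[str, bool]:
    """Walk through the four outcomes with constructed sessions."""
    vault = FileVault()
    uploader = Session("alice", "acct-1", mfa_verified=True)
    key = vault.store(uploader, "contract.pdf", b"%PDF-1.4 constructed sample")
    return {
        "same_account_with_mfa": vault.authorize_download(uploader, key)[0],
        "same_account_no_mfa": vault.authorize_download(
            Session("alice", "acct-1", mfa_verified=False), key)[0],
        "other_account_with_mfa": vault.authorize_download(
            Session("bob", "acct-2", mfa_verified=True), key)[0],
        "anonymous": vault.authorize_download(None, key)[0],
        "bad_key": vault.authorize_download(uploader, "not-a-real-key")[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:>24}: {'allowed' if allowed else 'denied'}")
```

The ordering of the checks matters: the key is resolved first so that an unknown key and a valid key presented by the wrong account both produce a denial rather than an error that reveals whether the key exists. The path returned on success is consumed by the application, which streams the bytes itself, so the web server never needs a public route into the private directory.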
Third Party Security Integrations
Dedicated and Custom Plan members may elect to use their own Identity Provider (IdP) to manage user access with whatever form of multi-factor authentication they require. Health-Contract.com integrates with over 40 different IdP solutions:
