All production instances use encrypted, ephemeral storage. All filesystems holding user data are encrypted with AES 256-bit encryption keys.
Backup policies
Each MongoDB database is backed up hourly to MongoDB Atlas. In the extremely unlikely event that all MongoDB instances (in a single environment, in separate availability zones) went offline or were corrupted, the entire production database could be rebuilt and re-deployed based on our public source code and processes found at https://github.com/tidepool-org. The backup and restore process has been validated and is tested quarterly.
Additionally, backups will be stored externally to AWS S3 storage in an abundance of caution, though MongoDB Atlas is using similar mechanisms of retention, on a nightly basis.
Retention policies
Per Tidepool's Privacy Policy, Tidepool will retain your account and related information on your behalf as long as needed to support your use of the Tidepool Apps, for necessary backup purposes and comply as necessary with our legal obligations, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
Data integrity verification policies
Tidepool implements data input and output integrity routines for application interfaces to prevent manual or systematic processing errors or corruption of data.