Sumo Logic is used to capture, monitor, and analyze server-side logs.
Rollbar is used to capture, monitor and analyze client-side software logs.
Kissmetrics is used to capture user activity logs (data access, in-app-activity)
Crashlytics is used to capture crash reports from mobile clients.
Tidepool maintains a Business Associate Agreement for HIPAA compliance with both SumoLogic and Rollbar for handling of PHI.
Sumo Logic Application service logs and analysis are available to six employees who maintain Tidepool's infrastructure. Rollbar logs are available to all developers.
Monitoring, audit controls, and system activity review is documented and complies with 45 CFR 164.308(a)(5)(ii)(C), 45 CFR 164.312(b), and 45 CFR 164.308(a)(1)(ii)(D).
Tidepool implements administrative safeguards compliant with 45 CFR 164.308(a)(1) and has addressable safeguards compliant with 45 CFR 164.308(a)(3).
All application logs are stored on encrypted filesystems in Virtual Private Clouds (VPC) as described in System architecture. Access logs to instances containing PHI are maintained via operating system logging mechanisms.
At this time, Tidepool retains operation logging and audit trails indefinitely.