Data Encryption Policies and Requirements

Tidepool encrypts all PHI data stored within our platform to preserve the integrity and privacy of all data and communications.

Tidepool configures and reviews services on a regular basis to ensure compliance with NIST recommendations.

Services - Data at-rest

Tidepool stores data in AWS S3 using 256-bit AES encryption, with integrity protection (checksums) to prevent and detect any modification of data.

Tidepool stores data in the MongoDB Atlas database-as-a-service using 256-bit AES encryption and checksums to ensure integrity.

Tidepool archives logs to AWS S3 storage using 256-bit AES encryption and checksums for long-term archival, and encrypts all logs stored in Sumo Logic with 256-bit AES encryption.

Services - Data in-transit

All Tidepool services are configured to support 256-bit AES encryption via TLS 1.3.

TLS 1.2 is required as a minimum standard to connect to Tidepool Web or Tidepool Uploader.

Services that support Tidepool

All services employed by Tidepool must use the same encryption for data at rest and data in motion.

All services employed by Tidepool are reviewed for security, data privacy, and confidentiality concerns.

Employee Computing Devices

Tidepool requires all employee devices to use 256-bit AES encryption and audits them for compliance.

All personal backups and any external storage devices are required to use 256-bit AES encryption.

The content of the Tidepool Technical Documentation is licensed under a Creative Commons CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.