Walker Tracker takes security and privacy very seriously, and has instituted many safeguards in order to make sure your data is safe and secure.
We adhere to the requirements for GDPR (Europe’s General Data Privacy Requirements), HIPAA (American Health Insurance Portability and Accountability Act), and the CCPA (California Consumer Privacy Act — see statement below).
What data do we work with:
While normally Walker Tracker does not store or process data that is recognized as PHI (personal health information), we do store PII (personally identifiable information, such as an email address or name).
At a minimum, we store email addresses, username, password, steps (walking) data (note: we do not store, nor have access to, GPS data), and a member’s browser type and last IP address (these last two for troubleshooting purposes only).
Optionally, depending upon our client’s preferences, we also store/process:
- A member’s first and last name
- Personal wellness tracking information (nutrition score, water intake, hours of sleep, heart rate, weight, mood, meditation minutes). Note that this data is always private to the member who inputted it, and is not shared with either employer or Walker Tracker. (Note that when heart rate is recorded, in some cases it is considered PHI. However we record only a single, lowest instance per day, we do not share heart rate or weight data with anyone. It is private to the user only.)
- Employee ID
- Some logging information to determine the site is functioning correctly
Walker Tracker will never sell your information or share it with a 3rd party.
All data can be downloaded in an electronically portable format. All members may permanently self-delete themselves at any time. We regularly purge accounts to ensure privacy.
Walker Tracker is entirely hosted in AWS Cloud where we take advantage of & benefit from the vast and comprehensive ISO 27001 certified security architecture there. This includes employing an OWASP 10 Web application firewall, AWS Guard Duty, AWS Inspector, Aurora DBs with automated nightly backups, IAM user management, Amazon Key Management Service, and DDOS protection. Our staff is trained in best-practice security and privacy protocols, and all employees are background-checked. We do not store customer data in our office.
- All data is encrypted in transit.
- All data is encrypted at rest.
- Passwords are stored as salted, encrypted hashes.
- Our database and architecture are protected behind a secure bastion host, and we employ intrusion detection and monitoring, and do regular penetration and vulnerability testing, to ensure our infrastructure is secure.
A note on California Consumers Protection Act (CCPA) , which goes into effect in January, 2020.
While Walker Tracker already complies with all aspects of the CCPA, it should be noted that at present, the CCPA does not strictly apply to Walker Tracker because of the size of our company. However we recognize that the CCPA is monumentally needed, important legislation, and we embrace the idea of privacy standards fully. Walker Tracker does not share/rent data with anyone, except the client who specifically contracted to work with us. All data that we collect is categorized and prioritized and we share this categorization with our clients. All customers (both clients and end-users) have the ability to request their data in an electronically portable format, and may request to be deleted.
A note on the GDPR (European General Data Protection Regulation)
Please see our statement on the GDPR here.