Learn more about CardioMood’s ongoing journey with the cloud and our innovative use of security offerings to reduce risks and improve the privacy of information. Here’s an overview of how we have built security at CardioMood:
We believe in taking a proactive stance on securing our systems and applications. We follow industry best practices, as well as our customers’ recommendations, to harden our systems. When it comes to our application, our developers follow industry best practices during the software development lifecycle, including OWASP (Open Web Application Security Project) Top 10 and relevant technology specific guidelines. We rigorously test our code prior to and after the deployment to production. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.
CardioMood stores all production data in physically secure datacenters. We use data centers in various geographic locations for continuity and regulatory purposes, which are Tier III/Tier III+ and ISO 27001 certified. Our data centers have common security practices, including closed-circuit video monitoring and 24/7-manned guards, and require the use of biometric access controls to our locked cages.
Our customer’s data – and the security of that data – is of utmost importance to us, which is why we provide our customers with complete control over their data. Our servers are encrypted using TLS. We employs multiple layers of network devices and intrusion detection to protect its external attack surface. And, our security architecture ensures segregation of customer data.
We utilise both internal and external services to perform continuous scanning and monitoring of our network and application. We also conduct regular vulnerability scans, risk assessments and penetration tests.
We strive to be industry leaders in regulatory requirements and compliance. Our processes and controls are regularly audited by internal and external parties, including customers and independent assessors. Our datacenters are Tier III/Tier III+ and/or ISO 27001 certified. We have also successfully undergone audits and are compliant with General Data Protection Regulation (GDPR).
Europe is internationally recognised for data protection. CardioMood Health B.V. is a neutral, independent company incorporated in The Netherlands. Dutch law concerning data protection ensures complete confidentiality both for businesses and for individuals, and no government can have access to personal information without the agreement of a judge.
CardioMood is passionate about ensuring that our clients are able to comply with data privacy regulations, including the European Union’s GDPR, which goes into effect in May 2018. We provide our clients with enterprise-grade controls to manage, govern access and ensure security of personal data housed in CardioMood Cloud. As required by GDPR, CardioMood allows our clients to correct, export, or permanently delete personal information. CardioMood also purges personal data from internal processing systems to minimise the data we retain per GDPR Article 5. Please visit our GDPR page to find out more how CardioMood is setting the bar for customer personal data protection.
To report an incident, concern, or for general security questions, please email privacy@cardiomood.com
Cookie | Duration | Description |
---|---|---|
__stripe_mid | 1 year | Stripe sets this cookie cookie to process payments. |
__stripe_sid | 30 minutes | Stripe sets this cookie cookie to process payments. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
CookieLawInfoConsent | 1 year | Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. |
elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time. |
PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
_ym_visorc | 30 minutes | Yandex sets this cookie to allow the site's Session Replay to function correctly. |
ymex | 1 year | Yandex sets this cookie to collect information about the user behaviour on the website. This information is used for website analysis and for website optimisation. |
yuidss | 1 year | Yandex stores this cookie in the user's browser in order to recognize the visitor. |
Cookie | Duration | Description |
---|---|---|
_ym_d | 1 year | Yandex sets this cookie to store the date of the users first site session. |
_ym_isad | 20 hours | Yandex sets this cookie to determine if a visitor has ad blockers. |
_ym_uid | 1 year | Yandex sets this cookie to identify site users. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
yabs-sid | session | Yandex sets this cookie to store the session ID. |
yandexuid | 1 year | Yandex sets this cookie to identify site users. |
Cookie | Duration | Description |
---|---|---|
i | 10 years | This cookie is set by OpenX to record anonymized user data, such as IP address, geographical location, websites visited, ads clicked by the user etc., for relevant advertising. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
sync_cookie_ok | 1 day | This cookie is set by the provider WebVisor. This cookie is used for marketing purposes. |
Cookie | Duration | Description |
---|---|---|
sync_cookie_csrf | 10 minutes | This cookie is set by the Yandex metrica. This cookie is used to monitor the connection with the website and third party Data Management Platforms. The cookie also collects information on the user behaviour on the website which is used for optimizing the website. |