Wellthi takes the security of our customers and their data version seriously. We have established policies, procedures, standards, and practices that govern the security and confidentiality of customer data, including documentation for information security, logical access, backup recovery, risk management, and software development. The Wellthi application is hosted in an Amazon Web Services (AWS) environment through their Elastic Kubernetes Service (EKS). All customer data is encrypted at rest and in transit. Secrets and keys are stored securely within the AWS Key Management Service.
Wellthi periodically engages with third-party service providers to assist in the performance security controls, including, but not limited to: penetration testing, vulnerability scanning, cloud configuration security, and monitoring. Wellthi has also established secure coding practices and static code analysis tools to mitigate the risk of vulnerabilities in the application that may impact our customers. In addition, the Wellthi development team is required to undergo secure code training at least annually.