Security at Wellthi
Protecting your data is our highest priority. We combine robust controls, independent assurance, and continuous monitoring to safeguard sensitive information.
Last updated: September 3, 2025


Compliance & Certifications
Wellthi is SOC 2 Type II certified, ADA (Americans with Disabilities Act) compliant, and U.S. Data Privacy compliant. Our SOC 2 Type II certificate is available upon request.
Data Protection & Controls
We apply layered security controls to protect data confidentiality, integrity, and availability.
Encryption
- Transport: TLS 1.2+ enforced across all endpoints.
- At rest: AES‑256 with managed keys.
- Key rotation and separation of duties for access.
Identity & Access
- Least-privilege & role-based access controls (RBAC).
- Automated provisioning & timely offboarding.
Monitoring & Logging
- Centralized logs with immutable audit trails.
- Real-time alerting on anomalous activity.
- Retention aligned to regulatory needs.
Vulnerability Management
- Regular scanning and prioritized remediation.
- Regular penetration testing.
- Patch management SLAs by severity.
Application Security
- Secure SDLC with code reviews and CI checks.
- Automated dependency checks.
- Secrets management and environment isolation.
Resilience & Continuity
- Backups with periodic restore testing.
- Disaster recovery objectives (RPO/RTO) defined.
- Redundancy and failover where appropriate.
Transparency & Trust Center
Access security artifacts and request additional information.
Policies & Privacy
Read our Privacy Policy, Security Overview, and Data Retention standards.
Contact Security
We welcome security inquiries, vulnerability reports, and due‑diligence requests.
Reports & Certifications
Request available reports (e.g., SOC 2) and view certification letters.