Security & Compliance
Ride Health is built on a foundation of trust. We protect the data of the healthcare organizations and participants we serve with enterprise-grade security and rigorous compliance standards.
Certifications & Compliance
HIPAA Compliant
Ride Health maintains full compliance with the Health Insurance Portability and Accountability Act. We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI) across all systems and processes. Business Associate Agreements (BAAs) are in place with all partners and subcontractors who handle PHI.
SOC 2 Type II Certified
Our SOC 2 Type II certification, audited by an independent third-party firm, verifies that Ride Health's controls meet the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy over an extended observation period.
Data Protection
Multiple layers of protection safeguard data at every stage of its lifecycle.
Encryption at Rest & in Transit
All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Database-level encryption, encrypted backups, and secure key management ensure comprehensive data protection.
Access Controls
Role-based access control (RBAC) ensures that users only access the data and systems necessary for their role. Multi-factor authentication is required for all internal systems. Access reviews are conducted quarterly.
Audit Logging
Comprehensive audit logs capture all system access, data modifications, and administrative actions. Logs are immutable, centralized, and retained for compliance purposes. Anomaly detection alerts the security team to unusual patterns.
Infrastructure
Enterprise-grade infrastructure designed for reliability, scalability, and resilience.
Cloud Hosting
Ride Health's platform is hosted on enterprise-grade cloud infrastructure with SOC 2 and HIPAA-compliant data centers. Geographic redundancy ensures availability even in the event of regional outages.
Uptime SLAs
We maintain a 99.9% uptime SLA for our core platform services. Real-time monitoring, automated failover, and 24/7 on-call engineering support ensure continuous availability for our healthcare partners.
Disaster Recovery
Automated backups, cross-region replication, and documented disaster recovery procedures ensure that Ride Health can recover from any incident with minimal data loss and downtime. DR plans are tested regularly.
Privacy
We take a principled approach to data privacy, giving individuals control over their information.
Data Handling
All personal and health-related data is classified and handled according to its sensitivity level. Data minimization principles ensure we only collect and process what is necessary to deliver our services.
Data Retention
Data is retained only as long as necessary to fulfill its purpose or meet regulatory requirements. Automated retention policies and secure deletion processes ensure data is removed when no longer needed.
Patient Rights
Ride Health supports the rights of individuals to access, correct, and request deletion of their personal information in accordance with applicable laws including HIPAA and state privacy regulations.
Questions about our security practices?
Visit our Trust Center for detailed documentation, or contact our security team directly.