Skip to main content
All CollectionsPrivacy & Security
Data Storage & Security
Data Storage & Security

A detailed look at how Hedy stores and protects your data, including our infrastructure, security measures, and data handling procedures.

Updated over 2 months ago

Security is at the heart of Hedy's architecture. This article explains exactly how we protect your data, where it's stored, and the measures we take to ensure its safety.

Key Security Features:

  • Enterprise-grade cloud infrastructure

  • Multi-layer encryption

  • Comprehensive backup systems

  • Strict access controls

Infrastructure Overview

Hedy's infrastructure is built on Google Cloud Platform (GCP), specifically in the US-Central region. We chose GCP for its robust security features, reliability, and comprehensive compliance certifications.

Our Infrastructure Stack

  • Application Servers: Google Firebase Functions

  • Database: Google Firestore with encryption at rest

  • File Storage: not used

  • Authentication: Firebase Authentication

Data Encryption

We implement encryption at multiple levels to ensure your data remains secure:

In Transit:

  • All data transmission uses TLS 1.3

  • Secure WebSocket connections for real-time features

At Rest:

  • Database encryption using AES-256

Backup and Recovery

Our backup strategy ensures your data is always safe and recoverable:

  • Automated daily backups

  • Point-in-time recovery capabilities

  • Geo-redundant backup storage

  • 14-day backup retention

Access Controls

We maintain strict controls over who can access your data:

Employee Access:

  • Role-based access control (RBAC)

  • Minimal access privileges

  • Regular access reviews

  • Detailed access logging

  • Two-factor authentication required

Physical Security

Through GCP, we benefit from:

  • State-of-the-art data center security

  • Multiple layers of physical access controls

  • Environmental protection systems

  • 24/7 security staff

  • Regular security audits

Security Compliance

While we're working toward formal certifications, we already follow security best practices aligned with:

  • SOC 2

  • ISO 27001

  • GDPR

  • CCPA

Update and Patch Management

We maintain system security through:

  • Automated security updates

  • Regular vulnerability scanning

  • Dependency monitoring

  • Emergency patch procedures

  • Change management processes

Security is Everyone's Responsibility
If you discover a security vulnerability, please report it to [email protected]. We work quickly to address security concerns.

Business Continuity

Our business continuity plan includes:

  • Automated failover systems

  • Regular disaster recovery testing

  • Geographic redundancy

  • Documented recovery procedures

  • Regular system backups

Did this answer your question?