Skip to main content

Encryption

In transit

All data transmitted between clients and MASLOW servers is encrypted using TLS 1.2 or higher. This includes:
  • Patient survey submissions
  • Provider dashboard access
  • API communications
  • Email notifications (via TLS-enabled email providers)

At rest

All stored data is encrypted using AES-256 encryption. This covers:
  • Database records (survey responses, patient profiles, reports)
  • File storage (exported reports, attachments)
  • Backups and archives

Data storage

  • Location — data stored in AWS US regions
  • Database — managed database services with automated backups
  • Isolation — tenant data is logically isolated

Data retention

MASLOW retains clinical data in accordance with applicable healthcare record retention requirements. Default retention periods:
Data typeRetention period
Survey responsesPer clinic policy (minimum as required by state law)
AI reportsSame as survey responses
User accountsUntil deactivated + retention period
Audit logsMinimum 6 years

Audit logging

All access to patient data is logged, including:
  • Who accessed the data
  • When the access occurred
  • What action was performed (view, export, etc.)
Audit logs are retained for a minimum of 6 years in compliance with HIPAA requirements.

Data deletion

Patients can request deletion of their data by contacting their healthcare provider. Deletion requests are processed in accordance with applicable healthcare record retention laws.