Data Security at TCM Health
We understand the sensitive nature of health data and have implemented robust security measures to protect your information at every stage of its lifecycle.
All data stored in our databases is encrypted using industry-standard AES-256 encryption. This means that even if unauthorized access to our servers were to occur, your data would remain unreadable and secure.
Key aspects of our at-rest encryption:
- Use of Hardware Security Modules (HSMs) for key management
- Regular key rotation to enhance security
- Strict access controls to encrypted data
When you interact with our website or mobile app, all data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security). This ensures that your information cannot be intercepted or tampered with during transmission.
Our in-transit encryption includes:
- HTTPS protocol for all web communications
- Certificate Transparency to prevent mis-issued SSL certificates
- HSTS (HTTP Strict Transport Security) to prevent downgrade attacks
We implement strict access controls to ensure that only authorized personnel can access your data, and only when necessary for providing our services.
- Multi-factor authentication for all staff accessing sensitive systems
- Role-based access control (RBAC) to limit data access based on job responsibilities
- Regular access audits and reviews
- Secure password policies and password managers for staff
We adhere to international data protection standards and regularly undergo third-party security audits to ensure our systems remain secure and up to date.
- HIPAA compliance for handling of health information
- GDPR compliance for protection of personal data
- Annual penetration testing by independent security firms
- SOC 2 Type II certification for our data handling processes
We believe in giving you full control over your data. At TCM Health, you have the right to transfer or destroy your data at any time.
- Data Transferability: You can request a complete export of your data in a machine-readable format at any time. This allows you to transfer your information to another service or keep a personal backup.
- Data Destruction: Upon your request, we can permanently delete all your personal data from our systems. This process is irreversible and ensures that your information is completely removed from our databases and backups.
- Partial Data Management: You also have the option to selectively delete or modify specific pieces of your data without affecting your entire account.
- Automated Retention Policies: We have implemented automated data retention policies to ensure that data is not kept longer than necessary for the purposes for which it was collected.
- Transparency: We provide clear information about what data we hold about you and how it's being used through our user dashboard.
To initiate a data transfer or destruction request, please contact our Data Protection Officer through your account settings or by emailing privacy@tcmhealth.com. We aim to process all such requests within 30 days.
While we take extensive measures to protect your data, you also play a crucial role in maintaining its security:
- Use strong, unique passwords for your TCM Health account
- Enable two-factor authentication on your account
- Be cautious of phishing attempts and never share your login credentials
- Keep your devices and software up to date
- Contact us immediately if you suspect any unauthorized access to your account
By working together, we can ensure the highest level of protection for your valuable health information.