NES Digital Security Policy
NES Health takes the security of your data very seriously. We employ multiple methods to protect your data. These include:
- All data is encrypted and decrypted transparently using 256-bit AES, one of the strongest block ciphers available, and the encryption is FIPS 140-2 compliant.
- Data is encrypted at both the data level and the disk level
- Physical protection at data centers
- Adherence to GDPR privacy policies
- Use of encrypted backup technology
- Use of encrypted data transport mechanisms between your computer and our servers
In addition, we will never share your data with third parties.
NES Health holds an ISO 13485 certificate, under which IT controls are audited annually.
Our payment provider has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they use best-in-class security tools and practices to maintain a high level of security.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. No internal servers can obtain plaintext card numbers. Infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with the primary services (API, website, etc.).