Human API services use strong security standards to protect our customers' data and ensure users' privacy. Security measures are implemented for both data at rest and data in transport.
## Data Encryption
Our database servers encrypt data using the standard **AES 256bit encryption**. The encryption keys are rotated and managed in a network separated from the database and application servers. They are stored in a fault-tolerant key management cluster with limited access. The master key is kept in a secure vault to ensure a maximum level of security.
## Transmission Security
All data served over our REST API uses **HTTPS**. We regularly audit our security setup to ensure that the certificates we serve are up to date. We force HTTPS for all connections to our API server to ensure that data is always encrypted during the transport from our server to your application. It is important that you use the same methods to ensure that data is encrypted all the way to the end user.
We log all the API calls and track the interactions with Human API for later review.
## HIPAA and BAAs
Depending on the type of data integrations that are necessary, Human API will enter into Business Associate Agreements with covered entities of sub-contractors as we find appropriate. For requests regarding Business Associate Agreements please contact us at [[email protected]](🔗).
For more details about security, [please go here](🔗).