Security and privacy are our number one priority.
Foxo has been built with a ‘privacy and security first’ mindset in conjunction with leading privacy lawyers and security experts.
Our goal is, and always will be, to deliver powerful communication solutions to healthcare whilst upholding the most stringent security and privacy standards.
If you have a question or concern about our security or privacy we want to hear from you. Please contact our data protection officer at firstname.lastname@example.org
Year on year, Healthcare leads the Notifiable Data Breach scheme with the majority of incidents attributed to stolen credentials (malware and ransomware) or compromised via human errors (eg. breach via incorrect system or process)
Foxo is HIPAA Compliant
ISO 27001 DC
ISO27001 Accredited Data Centre
Independently Security Tested every 3 months
IRAP assessed infrastructure
Foxo runs on IRAP assessed infrastructure
Personal and sensitive information is carefully stored and managed
Data Protection and Storage
Data is stored on secure, encrypted servers located in Australia. All patient data and user data is encrypted at rest and in transit using enterprise-grade encryption protocols.
Data in transit: Movement of data between the webserver and browser is secured with the latest HTTPS technology using RSA encrypted TLS (Transport Layer Security).
Data storage: All User and patient data is stored on secure Amazon Web Services servers. These servers conform to the ISO27001 standard ensuring data remains backed up and safe at all times.
Foxo engages an independent security team to undertake penetration testing on a 3 monthly basis to ensure vulnerabilities and threats are detected and addressed.
“Pentested by Sistematik” mark means the Foxo business and product have undergone independant penetration testing with successful results and no open critical findings.
Verified network of users
All users of Foxo undergo mandatory verification to establish their identity. This provides you with the confidence you are contacting the right person.
Secure photo sharing
Clinical images taken within Foxo app are encrypted an stored on secured servers NOT on your personal mobile device or 3rd party cloud servers such as Apple iCloud, Dropbox or Google drive. This ensures compliance with national privacy regulations is maintained at all times.
Personal (user) Data
The only personal (user) data Foxo actively collects from customers is what we need for profile creation and account administration purposes.
Foxo's Cyber Security FAQs 🔒
Validating Offboarding Users
Any user that registers a Foxo account is required to provide enough information to be identified and validated before accessing the Platform. Users can join an Organisation registered on Foxo by request or our auto-join workflows. Users can be removed and offboarded from a Foxo Organisation via the Organisation’s settings.
Foxo undergoes independent penetration testing every 3 months.
Foxo Technology Pty Ltd has the relevant WorkCover, Cyber Security, Professional Indemnity, Public & Product Liability insurance required for operating in state health departments.
Data Retention Policy
All data is stored for a minimum of 7 years. Data is encrypted in all states (transmission and storage).
Foxo's Security Credentials
- ISO27001 Accredited Data Centre
- Independently Security Tested every 3 months
- Foxo runs on IRAP certified infrastructure
- Foxo is GDPR compliant, personal and sensitive information is carefully stored and managed
Regular Data Backup
Customer data is backed up at regular intervals throughout the day. A complete backup is performed nightly.
Additionally, replication logs for the databases are retained for 30 days and allow for analysis and recovery of the database to any point in that time window.
Ownership of Data
Foxo features auditable activity logs via a published ledger within the app with user-permission management. Foxo enables secure and accountable information transfer between healthcare providers under stringent data-sovereignty policies. All activity is captured and logged.
File Types and Sizes (non-executables)
Users can upload and distribute any non-executable file. There are no file size limits.
Patients can request a copy of their Personally Identifiable Information (PII) and Patient Health Information (PHI) at any time. These requests will be actioned in a timely manner.