We maintain a robust assurance program encompassing numerous platforms across industries. Our continuous monitoring program ensures we maintain our industry-leading secure framework as our customer base grows.
The HITRUST Cybersecurity Framework evaluates against 19 domains of security covering a broad spectrum of administrative, physical, and technical controls. The HITRUST CSF encompasses all applicable HIPAA requirements as well as numerous best practices, structured in a maturity model to serve as a framework for higher levels of security.
Redox is HITRUST certified (see our HITRUST certificate and HITRUST Interim Assessment Letter) and attests at HITRUST’s Level 3, which is their highest standard.
System and Organization Controls (SOC) 2 is an industry standard, technology service provider report verifying compliance and controls pertaining to security and availability. Type 2 indicates that this is a multi-month, over-time evaluation period for compliance.
Redox has maintained SOC 2 compliance since July 2017. Refer to our SOC 3 report for an overview of our SOC 2 controls.
General Data Protection and Regulation (GDPR) is a European Union (EU) law on data protection and privacy in the EU and European Economic Area. It is a cornerstone of EU privacy and human rights laws. Learn more about GDPR.
Learn more about the California Consumer Privacy Act of 2018 (CCPA), which gives consumers more control over the personal information that businesses collect about them. Also, read the CCPA regulations that provide guidance on how to implement the law. And don't forget about the California Privacy Rights Acts of 2020 (CRPA). Learn more about the CPRA amendment.
Redox adheres to all applicable regulations surrounding the CCPA and CPRA. See our CCPA disclosure.
Per the U.S. Department of Health & Human Services website, HIPAA standards are as follows:
To improve the efficiency and effectiveness of the healthcare system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic healthcare transactions and codesets, unique health identifiers, and security.
Redox adheres to all applicable US federal and state regulations, including HIPAA.
National Institute of Standards and Technology (NIST) Cybersecurity Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.
Redox works to align with these standards.
Redox uses Stripe.js and Elements to collect card details from customers. Stripe automatically creates a combined SAQ A and Attestation of Compliance (AoC) (see our AoC). This is possible because Stripe’s Elements host all form inputs containing card data within an iframe served from Stripe’s domain so our customers’ card information never touches the Redox servers.