Last Updated May 1, 2019
At Butterfly Network, the security of your data is our highest priority. This page provides a high-level overview of how we secure the key layers of our infrastructure, our Cloud, and our hosted data centers.
Butterfly’s Security Program utilizes industry-leading, risk-based frameworks and standards. Butterfly has a security team led by a Chief Information Security Officer (CISO) who is responsible for developing and maintaining security policies, enforcing security operations, and monitoring technical security within the company and associated third parties.
At Butterfly, we understand that fostering a healthy security culture begins by providing our employees with security policies, processes, and procedures to help make good decisions when building our products and managing sensitive customer data.
Butterfly follows a “secure by design” approach whereby security is treated as a top priority at all stages of product and application development. We implement controls such as threat modeling for new features, code review, regression testing, deployment controls, vulnerability scanning and penetration testing.
The Butterfly iOS and Web applications enforce strict user authentication. The Butterfly iOS app requires that hardware device encryption is enabled before log-in and scanning are allowed.
All data is encrypted in transit and at rest. Administrators of a Butterfly Cloud team subscription maintain full control over which users have access to their private data.
For our enterprise customers, Butterfly has developed three additional layers of enhanced, defensive security: Single Sign On, Enterprise Mobility Management Restrictions, and Custom Inactivity Timeout.
Butterfly Cloud is a multi-tenant distributed system, built with a highly redundant architecture. Leveraging Amazon Web Services (AWS) infrastructure, Butterfly Cloud incorporates multiple layers of physical, policy, and technical safeguards.
Customer data in Butterfly Cloud is further secured by a container orchestration platform (Aptible Enclave) that implements security best practices and controls for the deployment of healthcare applications, such as AES 256-bit encryption for data at rest, monitoring and logging, vulnerability management, and system hardening.
Butterfly Network conducts daily backups to Amazon’s East and West USA data centers to ensure customer data is easily recoverable in the event of a disaster. Backup plans and disaster plans are in place and tested quarterly.
Butterfly Network is SOC 2 (Type 1) certified, which attests to our compliance with Privacy, Security, Confidentiality and Availability criteria as well as HIPAA and HITECH regulations. Butterfly also has a global privacy program that meets the requirements of data protection regulations such as the EU General Data Protection Regulation (GDPR).
For more details on our security program, please contact us at firstname.lastname@example.org for a copy of our detailed security whitepaper.
Our security controls are constantly evolving to keep up with the dynamic threat landscape, so we may update this page from time to time to reflect these technical or administrative changes. Please check this page often to view our latest controls.