Explo’s caching layer brings customer data into an in-memory cache powered by Redis to further improve the product experience. Explo uses Heroku Shield Redis to ensure that this aligns with both our SOC 2 Type 2 accreditation and HIPAA compliance.

Heroku Shield Redis FAQs

  • Certified to handle PHI, PII, and HIPAA data
  • Redis is an ephemeral data store, meaning the data is only held temporarily
    • Our TTL (“time to live”) setting, or how long the data is held, will be at most 10 minutes
  • The data is only held in memory and not written to disk, so the data is never stored
  • All communication channels with Redis are fully encrypted

Compliance

  • Customers are able to opt out of using our Redis cache
    • Using the cache is recommended for a better experience, but it is not required
  • Explo’s Privacy Policy, HIPAA Breach Notification Policy, and Incident Response Plan HIPAA Addendum with Breach Notification Procedures are updated to reflect the use of the cache and the ability to opt out

Is this considered storing data?

No. Data is only held in memory and never written to disk, so the data is never stored in Explo’s systems.