Explo’s caching layer brings customer data into an in-memory cache powered by Redis to further improve the product experience. Explo uses Heroku Shield Redis to ensure that this aligns with both our SOC 2 Type 2 accreditation and HIPAA compliance.

Heroku Shield Redis FAQs

  • Certified to handle PHI, PII, and HIPAA data
  • Redis is an ephemeral data storage, meaning the data is only held temporarily
    • Our TTL (”time to live”) setting, or how long the data is held, will be at most 10 minutes
  • The data is only held in memory and not written to disk, so the data is never stored
  • All communication channels with Redis are fully encrypted


  • Customers are able to opt-out of using our Redis cache
    • It is recommended for a better experience, but it is not required
  • Explo’s Privacy Policy, HIPAA Breach Notification Policy, and Incident Response Plan HIPAA Addendum with Breach Notification Procedures are updated to reflect the use of the cache and the ability to opt-out

Is this considered storing data?

No. Data is only held in memory and never written to disk, so the data is never stored in Explo’s systems.