Security Policy

Last Modified: August 4, 2023

SECURITY OVERVIEW

Brushem is HIPAA-compliant. We provide this overview so that you can better understand the security measures we have put in place to protect the information that you store and share with Brushem.

SECURE STORAGE

All data stored in our databases is symmetrically encrypted using AES 256 keys. Amazon Web Services stores data over several large-scale data centers. You can find more information about Amazon Web Services’ security at the Amazon Web Services’ website. Encryption keys are stored using further encryption.

SECURE TRANSFERS

Your files are sent from Brushem’s mobile and web apps to our servers over a secure channel using SSL encryption, the standard for secure internet network connections.

USER ACCOUNTS

User accounts are password protected. Upon successful entry of a unique username, password, and authentication token, the user then gains access to his or her account.

YOUR DATA IS BACKED UP

Brushem and Amazon Web Services keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss.

PRIVACY

We guard your privacy and work hard to protect your information from unauthorized access. Except as stated in the next sentence, Brushem employees are prohibited from viewing the content of files you store and share with Brushem, and are only permitted to view file metadata such as file names and locations. We have a small number of employees who must be able to access user data for the reasons stated in the Brushem Privacy Policy and our Privacy Notice for California Residents. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.

COMPLIANCE WITH LAWS AND LAW ENFORCEMENT

Brushem cooperates with law enforcement when it receives valid legal process, which may require Brushem to disclose information contained in your Brushem account. In the event that Brushem compelled to disclose information pursuant to valid legal process, Brushem will decrypt the data before providing it.

AUDITING

Our auditing process tracks all records that are created, deleted, and modified. We also track activity on the Site by users, such as, login, page view, viewing images, adding notes and other activity on the Site.

You understand that your dental history is entered into the Brushem database and that all reasonable measures have been and will be taken to protect the confidentiality of this personal information—in accordance with HIPAA standards. You know that no computer or phone system is completely secure. Brushem respects your rights to reasonable privacy under HIPAA standards and state laws, and in accordance with our Privacy Policy and our Privacy Notice for California Residents, will not release information to anyone without your written authorization or as required permitted by law, or in accordance with your health insurer’s privacy policy if applicable, or as otherwise disclosed via our Privacy Policy and our Privacy Notice for California Residents.

REVISIONS OF THIS SECURITY POLICY

Brushem may revise and update this Security Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Security Policy that may affect you.

DISPUTE RESOLUTION

Brushem is committed to resolving complaints about the security measures we use to protect your personal information. Individuals with inquiries or complaints regarding our Security policy should contact the Brushem Security Officer at:

SECURITY OFFICER

Brushem’s Security Officer can be contacted at:

Phone: (503) 289-1992
Email: hello@gobrushem.com
Postal Address: 742 NW Murray Blvd., Portland, OR 97229