Data Use Policy
Security is our Top Priority
Homecoming works with Carbide, a company that helps us maintain robust compliance and security protocols. We do regular reviews of our security postures and processes to ensure that we’re keeping provider and client data safe.
The Information We Collect
When a provider registers clients to use our platform, they provide personal information such as names and email addresses. We collect personal health information and health outcome information through assessment responses that clients or practitioners provide.
Protection of Your Identity
In the future, we plan to share collective insights to the Homecoming community. Aggregate information is data that has been collected from multiple participants and is not linked to any specific individual. In addition, you can use Homecoming entirely pseudonymously, further protecting your privacy by removing the need to provide any personally identifiable information during registration.
How We Store Data
All of our critical services and personal information are housed in Medstack, a HIPAA-compliant hosting layer for healthcare applications. Medstack provides ISO 27001 and SOC 2 compliance, which are rigorous, industry-standard security requirements. Our data is also encrypted at rest by default.
Limited User Access to Data
We limit data access to authorized personnel, based on job function and role. We utilize multi-factor authentication for enhancing security. All access to services deployed by Homecoming are authenticated, authorized, and encrypted.