{"__v":0,"_id":"564d1afa4567342100ad96b5","category":{"__v":1,"_id":"564d1af94567342100ad96ab","pages":["564d1afa4567342100ad96b3","564d1afa4567342100ad96b4","564d1afa4567342100ad96b5","564d1afa4567342100ad96b6"],"project":"551375e1d04af219007ddc52","version":"564d1af84567342100ad96aa","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-04-29T17:23:57.281Z","from_sync":false,"order":0,"slug":"human-api-overview","title":"Human API Overview"},"project":"551375e1d04af219007ddc52","user":"5539912a0074c80d00621b14","version":{"__v":1,"_id":"564d1af84567342100ad96aa","project":"551375e1d04af219007ddc52","createdAt":"2015-11-19T00:42:32.705Z","releaseDate":"2015-11-19T00:42:32.705Z","categories":["564d1af94567342100ad96ab","564d1af94567342100ad96ac","564d1af94567342100ad96ad","564d1af94567342100ad96ae","564d1af94567342100ad96af","564d1af94567342100ad96b0","564d1af94567342100ad96b1","564d1af94567342100ad96b2"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.1.0","version":"1.1"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-04-29T17:25:38.388Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"Human API services use strong security standards to protect our customers' data and ensure users' privacy. Security measures are implemented for both data at rest and data in transport.\n\n#Data Encryption\nOur database servers encrypt data using the standard **AES 256bit encryption**. The encryption keys are rotated and managed in a network separated from the database and application servers. They are stored in a fault-tolerant key management cluster with limited access. The master key is kept in a secure vault to ensure a maximum level of security.\n\n#Transmission Security\nAll data served over our REST API uses **HTTPS**. We regularly audit our security setup to ensure that the certificates we serve are up to date. We force HTTPS for all connections to our API server to ensure that data is always encrypted during the transport from our server to your application. It is important that you use the same methods to ensure that data is encrypted all the way to the end user.\n\n#Logging\nWe log all the API calls and track the interactions with Human API for later review.\n\n \n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"HIPAA and BAAs\"\n}\n[/block]\nDepending on the type of data integrations that are necessary, Human API will enter into Business Associate Agreements with covered entities of sub-contractors as we find appropriate. For requests regarding Business Associate Agreements please contact us at [enterprise:::at:::humanapi.co](mailto:enterprise@humanapi.co).","excerpt":"","slug":"security","type":"basic","title":"Security"}
Human API services use strong security standards to protect our customers' data and ensure users' privacy. Security measures are implemented for both data at rest and data in transport. #Data Encryption Our database servers encrypt data using the standard **AES 256bit encryption**. The encryption keys are rotated and managed in a network separated from the database and application servers. They are stored in a fault-tolerant key management cluster with limited access. The master key is kept in a secure vault to ensure a maximum level of security. #Transmission Security All data served over our REST API uses **HTTPS**. We regularly audit our security setup to ensure that the certificates we serve are up to date. We force HTTPS for all connections to our API server to ensure that data is always encrypted during the transport from our server to your application. It is important that you use the same methods to ensure that data is encrypted all the way to the end user. #Logging We log all the API calls and track the interactions with Human API for later review. [block:api-header] { "type": "basic", "title": "HIPAA and BAAs" } [/block] Depending on the type of data integrations that are necessary, Human API will enter into Business Associate Agreements with covered entities of sub-contractors as we find appropriate. For requests regarding Business Associate Agreements please contact us at [enterprise@humanapi.co](mailto:enterprise@humanapi.co).