Security At Cronometer

Guest post by Brian Doherty, Chief Technology Officer at Cronometer

Here at Cronometer, we pride ourselves on our data security. You trust us with your health data and we take that seriously. We not only comply with the security measures that are required of us, we go above and beyond them.

Cronometer is cloud based, communicating with millions of users over the web and mobile apps. How do we do this while maintaining the security of your data?

Security is built into the pillars of our company values and we adhere to 3 basic principles:

  1. Encrypt everything (in transit and at rest)
  2. Grant the least access and privileges to information that still allow the work to get done
  3. Maintain industry best practices, adopting established standards where possible (HIPAA, GDPR, etc.)

Encrypt Everything

All traffic from your mobile app or browser to Cronometer’s servers is encrypted.

All data internally from our load balancers to our web servers is encrypted.

All data internally from our web servers to our other tiers, databases, etc. is encrypted.

All admin access to our systems is encrypted.

Any requests to non-encrypted web pages are automatically redirected to their encrypted counterparts.

All user passwords are salted and hashed, and never stored in cleartext.

Our blog server is encrypted.

Least Privileges

Users are only granted access to their own information.

Any access granted to other parties (inviting friends, signing up for studies, signing up with Pros, etc.) is completely under the user's control via the profile page.

Any data sharing, for opt-in studies or Pro accounts, is via encrypted channels.

Industry Best Practices

Cronometer was born in and was built for the cloud.

We are designed from the ground up to be distributed and secure.

We adhere to GDPR and have a data protection officer.

We are self-certified as HIPAA compliant, a US standard usually reserved for medical practitioners, as we have several prominent US hospitals using Cronometer in their facilities.

All of the above is aimed at reducing the likelihood of data breaches. We are not perfect; mistakes and bugs can and will happen, and that assumption is built into the above.

This is to ensure we know how to react. Under HIPAA and GDPR we have mandated policies for how we react, expected timings for certain tasks, executive committees, etc.

Since Cronometer was founded we have also provided the option to completely remove your data from our system, and we always will. This ensures you keep complete control of your data.

I hope this has shed some light on how we value security and the importance we place on protecting your data.
