Compliance & Data Security


Security

Cubtale mobile application, Cubs and Cubtale Platform Infastructure are secured by means of widely accepted high-end security measures.

On Cubtale mobile application, your account is protected by a password. App passwords are required to be at least 8 characters, and contain a combination of letters, numbers and symbols. All password data is one-way encrypted and cannot be recovered by anyone besides the reset process, and all social login processes (Apple, Facebook, Gmail) are secured by their own OAuth processes.

User data is automatically backed up by Cubtale. Data is encrypted both in the database and during the backup process. It may be replicated in multiple Availability Zones for redundancy. While logged in, Cubtale app gives you full control over your data and with whom you want to share it. However, we may disclose your personal information, when required and/or permitted by law, regulation and/or legal process, when there is an emergency or need to protect your/others’ rights/safety, or when we have your consent. Personally identifying data from the user profile is stored separately from health event data in our database. The profile data and health data require an encoded key to link them for the purpose of enabling each authenticated user to access his or her own data.

All in-app payments are handled as in-app purchases through the Apple App Store and Google Play Store. We never hold financial information on our own servers. You can read more about Apple’s data protection policies here, and Google’s data protection policies here. All payments on our site for purchasing cubs are handled through the Shopify infrastructure. You can read more about Shopify’s data protection policies here.

On Cubs, the latest chip technology with on-board security measures is used to prevent access to your data from unauthorized actors. The pairing process between the app and the Cubs comply with the latest bluetooth technology and all required data is communicated over a secure channel. All data communicated between the Cubs and our servers is protected over SSL. Our OTA (Over the Air) update mechanism makes sure you are always on the latest version of the software and conveys the patches over SSL encrypted channels.

Cubtale Platform Infastructure is hosted on Amazon Web Services. You can learn more about the AWS security infrastructure here. Data stored at the databases on Cubtale is encrypted using the industry standard AES-256 encryption algorithm. This includes our automated backups, read replicas, and snapshots. All Cubtale endpoints are secured via SSL and only accessible over HTTPS. While Cubtale’s Availability SLA is 99.7%, the app also contains features that help maintain offline functionality.


All Cubtale employees who interface with data systems are trained on data security practices regularly. Additionally, we require all employees and non-employee contractors to sign confidentiality agreements.

Cubtale transfers some customer data (anonymously) to third parties to support the delivery and quality of our Services. Below, you may see the details on the identity, location and role of each subprocessor. As Cubtale grows, it may be necessary to update the list of subprocessors. 

  • Amazon Web Services: Cloud Service Provider - United States
  • Google, LLC: Analytics, App Store Delivery, Payment Processing - United States
  • Amplitude, Inc: Analytics
  • Apple Inc: Analytics, App Store Delivery, Payment Processing - United States
  • Atlassian Corporation Plc: Issue Tracking, Email Notifications - Australia
  • Slack Technologies, Inc.: Internal Messaging - United States
  • Hubspot: CRM, Email Notifications - United States


Although our security measures surpass any comparable consumer product, no one can guarantee that the information communicated over the Internet is secure and/or free from error/delay. We highly rely on the latest security and encryption techniques, and we follow the improvements in security breaches to have updates/patches when necessary.