Explo’s data cache brings customer data into an in-memory cache powered by Redis to further improve the product experience. Explo uses Heroku Shield Redis to ensure that this aligns with both our SOC 2 Type 2 accreditation and HIPAA compliance.

Heroku Shield Redis FAQs

• Certified to handle PHI, PII, and HIPAA data
• Redis is an ephemeral data storage, meaning the data is only held temporarily
  • Our TTL (”time to live”) setting, or how long the data is held, will be at most 10 minutes
• The data is only held in memory and not written to disk, so the data is never stored
• All communication channels with Redis are fully encrypted

Compliance

• Customers are able to opt-out of using our Redis cache
  • It is recommended for a better experience, but it is not required
• Explo’s Privacy Policy is updated to reflect the use of the cache and the ability to opt-out
• Company policies, like our HIPAA Breach Notification Policy and Incident Response Plan HIPAA Addendum with Breach Notification Procedures, have been appropriately updated as well