SOC 2 Type 2

AllClear ID Health, Inc. successfully completed the AICPA Service Organization Control (SOC) 2 Type 2 audit. The audit confirms that AllClear ID’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

An unqualified opinion on a SOC 2 Type 2 audit report demonstrates to AllClear ID’s current and future customers that they manage their data with the highest standard of security and compliance.

Customers and prospects can request access to the audit report here.

HIPAA Security Statement

AllClear ID delivers services to organizations who may be defined as Covered Entities under HIPAA. Due to the nature of the services we provide, the company has undergone a comprehensive review of its administrative, technical, and physical safeguards to ensure the protection of e-PHI. This includes:

Ensuring the confidentiality, integrity, and availability of all e-PHI created, received, maintained, or transmitted

Identifying and protecting against reasonably anticipated threats to the security or integrity of the information

Protecting against reasonably anticipated impermissible uses or disclosures

Ensuring compliance by our workforce

Controls Implemented

AllClear ID has implemented the following administrative and technical Security Controls.

Risk Assessment

As part of our security management process, AllClear ID conducts annual risk assessments including likelihood and impact of potential risks. Risk assessments helps ensure that controls are appropriate to address the needs of the organization. Conducting annual assessments ensures that organizations continue to provide the highest level of security for the data that they have been entrusted to protect.

Administrative Safeguards

AllClear ID has implemented a security management process, including appropriate standard operating procedures and policies. A security manager has been assigned to help develop and review procedures and policies. Staff are kept up to date with changes and are trained on HIPAA and security annually. Internal review of these safeguards is undertaken regularly to ensure compliance and for continual improvement.

Technical Safeguards

AllClear ID has implemented appropriate technical safeguards including authentication and authorization for our employees and users of our applications. Appropriate auditing and integrity controls are in place. All data transmissions to the data centers require encryption. Additional systems have been implemented where appropriate to ensure the highest level of security for our hosted applications.

AllClear ID Health, Inc. Subprocessors

Effective date: Mar 7, 2022

Summary

To support the delivery of our Services, AllClear ID may engage and use data processors with access to certain Service Data (each, a “Subprocessor”). This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set forth in the applicable agreement between Customer and AllClear ID (the “MSA”). ‍

Third Parties

AllClear ID currently uses third party Subprocessors to provide infrastructure services, and to help AllClear ID provide customer support and email notifications. Prior to engaging any third party Subprocessor, AllClear ID performs diligence to evaluate their privacy, security and confidentiality practices and executes an agreement implementing its applicable obligations.

Infrastructure Subprocessors

AllClear ID may use the following Subprocessors to host Service Data or provide other services infrastructure that helps with delivery of the Services:

Cloud Service Provider – United States

Mobile Application Services

Other Subprocessors

AllClear ID may use the following Subprocessors to perform other Service functions:

Updates

The Subprocessors used by AllClear ID may change over time. AllClear ID will update this page with notice of any new or different Subprocessors as appropriate and necessary.