Security

Privacy practices

We do not sell your personal information to or share it with any third parties for any purposes. If the need to share data arises, we will not proceed without your explicit consent. Check out our Privacy Policy for more information.

Cloud Infrastructure

myFit is hosted on a Virtual Private Cloud on Google Web Services, which provides a secure and scalable technology platform to ensure we can provide you services securely and reliably.

Perimeter Security

We have deployed a Defense in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network.

Our infrastructure is launched in compliance with the Google Well Architected Framework and, from the security perspective, incorporates practices from the Google Cloud Adoption Framework.

We have a 3-Tier Architecture which incorporates best practices from various standards and certifications.

We have strict network segmentation and isolation of environments and services in place.

Host Security

We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.

All our servers are launched using the Center for Internet Security Benchmarks for Google Cloud Computing Platform.

Data Security

We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.

We use key management services to limit access to data except for the entire team.

Stored data is protected by encryption at rest and sensitive data by application-level encryption.

We use data replication for data resiliency, snapshotting for data durability, and backup/restore testing for data reliability.

Incident and Change Management

We have deployed mature processes around Change Management, which enable us to release thoroughly tested features for you both reliably and securely, so that you can enjoy the myFit experience with maximum assurance.

We have a very aggressive stance on Incident Management, covering both systems downtime and security, and have a Network Operations Center and an Information Security Management System in place which quickly react to, remediate, or escalate any incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

We have an in-house network security team which uses industry-leading products to conduct manual and automated VA/PT activities.

We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration / continuous deployment pipeline.

We also leverage CRISC-IN certified auditors to do periodic testing and audits of our processes.

Responsible Disclosure

We at myFit are committed to our customers' data and privacy.

We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures.

The overall data and privacy security design allows us to defend our systems against everything from low-hanging issues up to sophisticated attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on any Fluxtra products, we encourage you to report the issue to us responsibly.

You can submit a bug report to us at support@mermsemr.com with the detailed steps required to reproduce the vulnerability.

We shall put our best efforts into investigating and fixing legitimate issues in a reasonable time frame; meanwhile, we request that you not publicly disclose the issue.