
Enterprise-Grade Security You Can Trust

Protecting sensitive healthcare data with AES-256 encryption at rest, TLS 1.3 in transit, annual third-party security audits, and comprehensive compliance controls.

Security Is Our Foundation

When pharmaceutical and medical device companies trust Mobile Locker with their most sensitive HCP engagement data, we take that responsibility seriously. Our security practices protect your data, ensure compliance, and give you peace of mind.

Annual Security Audits

Third-party penetration testing and security assessments

AES-256 Encryption

AES-256 at rest via AWS KMS and TLS 1.3 in transit

AWS Infrastructure

Hosted in AWS data centers covered by AWS's ISO 27001, PCI DSS and SOC 1 certifications

Comprehensive Security Controls

Multiple layers of protection for your sensitive data

Encryption

At Rest:

Data at rest is encrypted with AES-256 using keys managed by AWS KMS. Keys are generated, stored and used inside FIPS 140-2 validated hardware security modules.

In Transit:

TLS 1.3 for all connections; plaintext (non-TLS) connections are refused.

Backups:

Encrypted with point-in-time recovery capability.

Authentication

Password Security:

Passwords stored salted and hashed using bcrypt.

Single Sign-On:

Optional SSO integration (Okta, Azure AD, PingIdentity).

Multi-Factor Authentication:

2FA/MFA available for all user accounts.
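The Password Security item above states that passwords are stored salted and hashed with bcrypt. A bcrypt string carries its own version, work factor and per-password salt, so an auditor can check the claim from the stored values alone. The following is an added example (not Mobile Locker's code) that parses bcrypt's modular-crypt format and audits a set of constructed sample rows for a weak cost factor, a reused salt, and hashes that are not bcrypt at all; the MIN_COST policy value and the sample rows are assumptions for the example.

```python
import re

# Layout of a stored bcrypt hash (60 chars): $<version>$<cost>$<22-char salt><31-char digest>
# version is 2a, 2b or 2y; cost is the log2 work factor; salt and digest use bcrypt's
# own base64 alphabet (./A-Za-z0-9), which is not standard base64.
BCRYPT_RE = re.compile(
    r"^\$(?P<version>2[aby])\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)

# Minimum work factor this audit accepts (an assumption for the example; bcrypt's
# valid range is 4..31 and a cost of 10 or more is the common recommendation).
MIN_COST = 10


def parse_bcrypt(stored: str) -> dict:
    """Split a stored bcrypt string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt modular-crypt string")
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} outside bcrypt's valid range 4..31")
    return {
        "version": m.group("version"),
        "cost": cost,
        "iterations": 2 ** cost,   # bcrypt runs 2^cost rounds of its key setup
        "salt": m.group("salt"),
        "digest": m.group("digest"),
    }


def audit_hashes(rows):
    """Check (user, stored_hash) rows against the storage policy.

    Returns a list of (user, finding) tuples; an empty list means every row passed.
    """
    findings = []
    seen_salts = {}
    for user, stored in rows:
        try:
            h = parse_bcrypt(stored)
        except ValueError as e:
            findings.append((user, f"unparseable: {e}"))
            continue
        if h["cost"] < MIN_COST:
            findings.append((user, f"cost {h['cost']} below policy minimum {MIN_COST}"))
        # bcrypt generates a fresh random salt per hash; a repeated salt means a
        # static salt was supplied, which defeats the per-user salting the policy relies on.
        if h["salt"] in seen_salts:
            findings.append((user, f"salt reused with user {seen_salts[h['salt']]}"))
        else:
            seen_salts[h["salt"]] = user
    return findings


# Constructed sample rows (format-valid strings, not real credential hashes).
SAMPLE_ROWS = [
    ("alice", "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"),
    ("bob",   "$2b$08$0123456789abcdefghijklZYXWVUTSRQPONMLKJIHGFEDCBA98765"),  # weak cost
    ("carol", "$2b$12$abcdefghijklmnopqrstuvZYXWVUTSRQPONMLKJIHGFEDCBA98765"),  # salt reused
    ("dave",  "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"),  # bare hex digest
]

if __name__ == "__main__":
    for user, finding in audit_hashes(SAMPLE_ROWS):
        print(f"{user}: {finding}")
```

The parser validates structure only; it does not verify a password against a hash, which needs a bcrypt implementation. Run it over an export of the credential table to confirm every row is bcrypt, carries a distinct salt, and meets the cost policy.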

Access Controls

Data Access:

Minimal staff access to private data, restricted by job function.

Role-Based Permissions:

Granular user roles and permissions within your organization.

Audit Trails:

Complete logging of all data access and changes.

Infrastructure

Cloud Hosting:

AWS secure data centers in us-east-1 and eu-west-1 regions.

Certifications:

The underlying AWS infrastructure holds ISO 27001, PCI DSS and SOC 1 certifications; these cover the data center and cloud platform layer, with application-level controls described on this page operated by Mobile Locker.

Updates:

Continuous server patching and security updates.

Development Security

Code Reviews:

All code changes reviewed before deployment.

Automated Testing:

Automated test suite that includes checks for security vulnerabilities.

Secure Configuration:

Servers and services are hardened and configured according to security best practices.

Independent Testing

Annual Audits:

External penetration testing and security assessments.

Test Reports:

Security test reports available to customers upon request.

Continuous Monitoring:

Ongoing security monitoring and threat detection.

Compliance & Data Protection

Meeting regulatory requirements for healthcare data

GDPR Ready

Data processing agreements available for EU customers. Right to erasure, data portability, and access controls built-in.

  • EU data residency option (eu-west-1)
  • Data processing agreements (DPA)
  • User data export and deletion tools

HIPAA Considerations

While Mobile Locker stores HCP engagement data (not patient PHI), we implement HIPAA-aligned security controls for customers who require them.

  • Business Associate Agreements (BAA) available
  • Encryption and access controls exceed HIPAA requirements
  • Audit logging for compliance reporting

Note: Mobile Locker is designed for HCP engagement tracking, not patient data. Most implementations do not involve PHI. Contact us to discuss your specific compliance requirements.

Responsible Disclosure Program

We believe in transparency and collaboration with the security community. If you discover a potential security vulnerability in Mobile Locker, we encourage you to report it responsibly.

What We Consider a Valid Security Issue:

A security vulnerability must meet the following criteria to qualify for our responsible disclosure program:

  • Presents a material risk to data confidentiality, integrity, or availability
  • Is not publicly disclosed or trivially discoverable (e.g., DNS enumeration, HTTP headers, directory listings)
  • Demonstrates actual impact beyond theoretical vulnerability
  • Is reproducible on our production systems

Trivial or non-exploitable issues (e.g., outdated libraries without known CVEs, cosmetic misconfigurations, or publicly enumerable infrastructure) may not receive a response.

How to Report:

Use our contact form to report security concerns. Select "Security" from the interests field and describe the vulnerability in detail.

What to Include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Your contact information (optional but appreciated)

Our Commitment:

  • Acknowledge receipt within 24 hours
  • Prioritized engineering response to valid security issues
  • Keep you informed of remediation progress
  • Recognize responsible disclosure contributors (with permission)

Security Resources

Documentation and policies for customers

Security Documentation

Detailed security white papers, architecture diagrams, and compliance documentation available to customers.

Penetration Test Reports

Annual third-party penetration test reports available to enterprise customers under NDA.

Privacy Policy

Review our privacy policy to understand how we collect, use, and protect your data.

Questions About Our Security?

Our security and sales teams are ready to help

Use our contact form to reach out with any security questions, demo requests, or compliance inquiries. Select the appropriate interests field and our team will respond promptly.


Trusted by 45+ Global Life Science Companies

Experience enterprise-grade security with Mobile Locker