Updated: September 10, 2025
Data Security Protocols
Our protocols detail how My Benni works to safeguard your data every day.
Encryption and health information at rest and in-transit:
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Role-based access controls, multi-factor authentication, and audit logging are in place. Data is stored only in secure U.S. AWS environments.
Data storage and retention of health information:
Users register with their corporate or personal email address, set up multi-factor authentication, and must explicitly grant consent before any Anthem data is accessed. During the OAuth flow, Anthem is clearly displayed as the data source. Consent screens describe what information will be retrieved and how it is used, and members may revoke access at any time in app settings. We comply with CARIN Code of Conduct requirements for transparency and user-driven data control.
Monitoring solutions in place to help detect security vulnerabilities, malicious activity, or intentional misuse within our environment:
The platform is deployed on AWS with a modern microservices architecture. Secure VPCs, load balancers, autoscaling, and monitoring protect the environment. Data is stored in encrypted RDS instances. Authentication and authorization follow OAuth 2.0 and OpenID Connect protocols. CI/CD pipelines with GitLab include automated security checks before deployment.
Operational or security standards, certifications, and/or regulations we comply with:
MyBenni.AI operates in a HIPAA-compliant Amazon Web Services (AWS) environment. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Role-based access controls (RBAC) and IAM policies enforce least-privilege access. Multi-factor authentication is required for admin access. Comprehensive audit logs track all API access and system events. Data segregation ensures PHI is isolated. We perform vulnerability scans, patching, and intend to complete SOC 2 readiness as the platform scales.
Our commitment to follow applicable laws and best-practices to minimize the risk of unauthorized access, use, destruction, unauthorized annotation or disclosure of user data:
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Role-based access controls, multi-factor authentication, and audit logging are in place. Data is stored only in secure U.S. AWS environments.
Our agreement to comply with all applicable breach notification laws and provide meaningful remedies to address security, privacy, or other violations incurred because of misuse of the user's health information:
The user may revoke consent to data access at any time in app settings. You may request deletion of your account and associated data by contacting dev@mybenni.ai.