- User machines store no application data other than session tokens, which expire frequently (JWTs, explained under Software Notes)
- Public-facing application servers do not store any business data, such as login information, records of calls, user data, client information, etc.
- All business data is stored on non-publicly accessible encrypted database (see Encryption Policy for details)
- Active data (such as outstanding calls, remote expert status, etc.), is stored in secured, non-publicly accessible Redis server
- No user interfaces have any access to stored data