▪ User machines store no application data other than session tokens, which expire frequently (JWTs, explained under “Software Notes”)
▪ Public-facing application servers do not store any business data, such as login information, records of calls, user data, client information, etc.
▪ All business data is stored on non-publicly accessible encrypted database (see “Encryption Policy” for details)
▪ Active data (such as outstanding calls, remote expert status, etc.), is stored in secured, non-publicly accessible Redis server
▪ No user interfaces have any access to stored data