LookinBody Web: InBody Cloud Data Management Software
Security Policy (as of July 19, 2021)
The LookinBody Web service (https://usa.lookinbody.com) is a service that allows you, the user, to manage all data measured by InBody devices on the cloud using Microsoft Azure’s Web Apps. Please refer to the following table for security policies relating to this service.
Operational Security Certification
Cloud services are hosted through Microsoft Azure.
PCI DSS compliant
Retention of Personal Information or Confidential Information
Hosted on Microsoft Azure’s HIPAA compliant server.
The LookinBody Web service is based on Microsoft Azure's Web Apps.
WAF, IDS, IPS Deployment
Protected by Microsoft Azure’s IPS (Intrusion Prevention System)
Access and usage logs are automatically recorded
Authentication Method When Using LookinBody Web
ID and password are used, and the following security measures are taken:
Authentication method for Downloading Personal Information
Member List Page: Personal Information Download Feature
Exported Excel file will have the Mobile number identification field masked for the first 6 digit
Login records can be verified using the using the Check User Log feature available through the Administrator Login in the Setup menu.
Logs will be saved by date and contain ID and IP address details
Database is encrypted using TDE.
Data Deletion Method
Deletion of data stored on the LookinBody Web service will be permanently removed from the LookinBody Web Portal, however a de-identified copy of the deleted data may be kept by our system for Quality Control and Research purposes.
HIPAA/Covered Entities: For compliance with HIPAA, user data will be retained for a period of 6 years even if the user account managing the data is deleted.
Full Data Deletion
For full data deletion:
All 3 steps must be completed for full data deletion
Restricting Access to Personal Information Data
Certain members of the LookinBody team who oversee system development and operation have limited access to users’ personal information for purposes of incident management, as follows:
System Development and Operation-Side Personal Computer Management
LookinBody, LTD, which is responsible for system development and operation, manages personal computers as follows, not including the above personal information data restrictions mentioned above:
Cloud Service Locations
Microsoft Azure Data center is located in the United States (West US)
Companies implementing and Utilizing this service
The service started in May 2014 and as of July 2020 over 2000 facilities have registered for the service globally.
2. For more information on Microsoft Azure, please visit the Microsoft home page below: