ROOK is designed as a platform for collecting, processing, and delivering health data, not as a long-term data storage solution. Instead, ROOK facilitates the flow of data from various sources to its clients' systems. ROOK provides temporary storage for undelivered data, while long-term storage is the responsibility of the client.
Here's a detailed breakdown of how ROOK handles data storage, emphasizing options available in the "Enterprise Plan":
Temporary storage for undelivered data:
ROOK temporarily stores data that could not be delivered to clients via webhooks in specific buckets.
Sandbox Environment: Data is stored for 3 days.
Production Environment: Data is stored for 10 days.
This temporary storage allows clients to retrieve pending data, especially in cases of initial delivery failures.
Following the established data retention period, the data is securely encrypted and archived. This measure ensures its continued protection and inaccessibility.
Data delivery mechanisms:
ROOK offers two primary methods for delivering health data to clients: webhooks and API.
Webhooks: ROOK uses webhooks for real-time delivery of health data to client-specified URLs.
The Data Webhook delivers health data such as events and summaries.
The Notification Webhook provides updates about integration-specific actions.
API: The ROOK API allows clients to make on-demand queries for specific data. However, the API is not designed for use as a primary data storage solution.
Client-Side storage:
ROOK clients are expected to build their own backend and database to store the data they receive from ROOK.
Client applications should query their own backend for user data rather than ROOK’s API, as using the API as a primary data source is a violation of usage policies.
Clients are fully responsible for the security and management of user data once it has been delivered.
Data processing:
Before delivering the data, ROOK processes it through harmonization, standardization, cleaning, and normalization.
ROOK does not store the data after processing, sending it directly to the client.
Data anonymization:
All data stored by ROOK is anonymized by default and stored on secure servers.
"Enterprise Plan" options:
For clients with the "Enterprise Plan," there is an option to have dedicated servers [no source].
This means that a client's data can be stored on a separate entity and in a specific location, enhancing data security and compliance based on the client's requirements [no source].
In summary, ROOK is not a long-term data storage solution, and it emphasizes data delivery to client-managed systems. The platform facilitates the transfer of data from health sources to client systems, where data storage and management are the client's responsibility. Clients on the "Enterprise Plan" have the option for dedicated servers with specific locations, offering enhanced data control