Your health data is yours.
We treat your health data the way we'd want ours treated — encrypted, access-controlled, and never sold. Here's exactly how we protect it.
Encryption
In transit
All connections use TLS 1.3. Every request between your browser and our servers is encrypted. Vercel's edge network handles TLS termination with automatic certificate renewal.
At rest
Your data is stored in Neon PostgreSQL with AES-256 encryption at rest. Database backups are encrypted. We use connection pooling with SSL required — no unencrypted database connections.
Passwords
Passwords are hashed with bcrypt (12 salt rounds) before storage. We never store, log, or transmit plaintext passwords. Password reset uses time-limited, single-use tokens.
Sessions
Authentication uses signed JWT tokens with configurable expiry. Sessions are stateless — no session data is stored server-side. Tokens are stored in cookies with the HttpOnly and Secure flags set.
Access Controls
Role-based access
Strict role separation between regular users and administrators. Users can only access their own data. Admin access to health data requires explicit justification and is time-limited.
Rate limiting
API endpoints are rate-limited per IP: 5 login attempts/min, 3 signups/min, 10 uploads/min, 30 chat messages/min, 100 general API calls/min. Exceeding limits returns 429 with retry-after headers.
CSRF protection
All mutating API requests (POST, PUT, PATCH, DELETE) validate the Origin header against the Host header. Cross-origin requests are rejected with 403.
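The Origin-vs-Host check described above, written out as an added example (this is not ByoMap's code; the function names and header layout are assumptions). It fails closed on a missing, "null", or malformed Origin, compares host and port case-insensitively, and leaves non-mutating methods alone:

```javascript
// Added example, not the project's own code. Header names are assumed lower-case.
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Reduce an Origin header value to its host (hostname[:port]).
// Returns null for a missing, "null", non-http(s), or malformed value so the
// caller fails closed instead of accidentally matching.
function originHost(origin) {
  if (!origin || origin === "null") return null;
  try {
    const u = new URL(origin);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.host.toLowerCase(); // WHATWG URL already lowercases the hostname
  } catch {
    return null;
  }
}

// CSRF decision for one request. Returns { ok: true } or
// { ok: false, status: 403, reason } for the caller to turn into a response.
function checkCsrf(method, headers) {
  if (!MUTATING.has(String(method).toUpperCase())) return { ok: true };

  const host = (headers["host"] || "").toLowerCase();
  if (!host) return { ok: false, status: 403, reason: "missing Host header" };

  const origin = originHost(headers["origin"]);
  // Browsers attach Origin to every non-GET/HEAD request, so an absent or
  // opaque Origin on a mutating request is treated as cross-origin.
  if (origin === null) {
    return { ok: false, status: 403, reason: "missing or opaque Origin header" };
  }
  if (origin !== host) {
    return { ok: false, status: 403, reason: `Origin ${origin} does not match Host ${host}` };
  }
  return { ok: true };
}
```

Non-browser clients such as scripts do not send an Origin header and would be rejected by this check, so an API that also serves them needs a separate, explicitly authenticated path rather than a relaxed check.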
Content Security Policy
Strict CSP headers prevent XSS, clickjacking, and data injection: the app cannot be framed by other pages (frame-ancestors 'none'), no inline scripts except those Next.js requires, and connect-src restricted to our API and AI provider only.
Security headers
HSTS with 1-year max-age and preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, strict referrer policy, restrictive permissions policy (camera self-only, no microphone/geolocation).
Audit Logging
Every action that touches health data is logged. This isn't just good practice — it's the foundation of HIPAA-ready architecture.
What we log
Data Practices
What we do
- Store your data in encrypted PostgreSQL (Singapore region, Neon)
- Process AI queries via Anthropic Claude — your data is sent for analysis, not training
- Send transactional emails via Resend (verification, password reset only)
- Collect anonymous usage analytics via PostHog (feature usage, not health data)
- Provide full data export (GDPR) — download everything we have on you
- Delete your account and all data permanently on request
- Run automated encrypted backups
What we never do
- Sell your data to anyone, ever
- Use your health data to train AI models
- Share your data with advertisers or data brokers
- Store plaintext passwords
- Send marketing emails without consent
- Access your health data without explicit need and audit trail
- Retain data after account deletion
HIPAA Readiness
ByoMap is built with HIPAA-ready architecture: encrypted storage, audit logging, access controls, and role-based permissions. As a self-upload platform where you enter your own data, ByoMap is not currently a HIPAA-covered entity. When we add direct provider integrations (FHIR, Epic, etc.), we will activate a full HIPAA Business Associate Agreement.