Security overview
High-level security practices. We avoid absolute claims unless we can specify what is encrypted, which keys exist, and where decryption can occur.
Encryption at rest
Data stored on your device is protected using the platform's built-in encryption (e.g. iOS Data Protection, Android Keystore). We don't store your health data on our servers in plain text.
Key management
Keys used to protect your data are managed on your device. We don't hold keys that would allow us to decrypt your health data. (Specific key model and backup behaviour will be documented when finalised.)
Backups and device loss
If you use device backups (e.g. iCloud, Google Backup), your data may be included according to your backup settings. We recommend using a strong device passcode and, where available, backup encryption. If you lose your device, you can revoke access from your account and export your data from a new device if you had sync enabled.