Privacy by architecture
On-device capture, with scoring on our secured servers. Subject data never leaves the device in identifiable form for marketing, analytics, or commercial use.
Concussion and TBI data sit under heightened privacy frameworks. Our architecture is designed to meet them, not skirt them.
Read this as a spec sheet. Each line is a standing commitment, not a marketing promise.
On-device capture, with scoring on our secured servers. Subject data never leaves the device in identifiable form for marketing, analytics, or commercial use.
Administrative, physical, and technical safeguards designed to align with HIPAA requirements. Formal compliance pathway is part of the regulatory roadmap, not yet certified.
Encrypted in transit with TLS, and at rest through our managed Postgres backend. Every capture record is protected by a per-subject SHA-256 hash chain that makes silent tampering detectable, and operator credentials are hashed with PBKDF2-SHA256. Health and behavioral data are never stored or transmitted in plaintext.
Authorized clinicians, researchers, or program operators see only the records their role and program permit. Permissions are scoped, audited, and revocable.
Subjects and their authorized guardians retain ownership of their data. Deletion can be requested at any time, and operators can export or delete their account directly from Settings.
We never sell or rent your identifiable personal, health, or behavioral data, and it is never shared with advertisers or data brokers. Identifiable data is used only to run the service, when you direct us to, or when the law requires it. With explicit consent and strict safeguards, de-identified and aggregated data may support approved scientific and clinical research that advances brain-injury care. Every case is spelled out in our Privacy Policy.
We design against the framework that applies to each deployment. Frameworks listed are those informing current architecture and planned international expansion.