Trust · privacy & data handling

Brain data is the most sensitive data a person owns. We treat it that way. 

Concussion and TBI data sit under heightened privacy frameworks. Our architecture is designed to meet them, not skirt them.

Six commitments

What we will & will not do. 

Read this as a spec sheet. Each line is a standing commitment, not a marketing promise.

01

Privacy by architecture

On-device capture, with scoring on our secured servers. Subject data never leaves the device in identifiable form for marketing, analytics, or commercial use.

02

HIPAA-aligned practices

Administrative, physical, and technical safeguards designed to align with HIPAA requirements. Formal compliance pathway is part of the regulatory roadmap, not yet certified.

03

Encrypted at rest and in transit

Encrypted in transit with TLS, and at rest through our managed Postgres backend. Every capture record is protected by a per-subject SHA-256 hash chain that makes silent tampering detectable, and operator credentials are hashed with PBKDF2-SHA256. Health and behavioral data are never stored or transmitted in plaintext.

04

Role-scoped access

Authorized clinicians, researchers, or program operators see only the records their role and program permit. Permissions are scoped, audited, and revocable.

05

Subject data ownership

Subjects and their authorized guardians retain ownership of their data. Deletion can be requested at any time, and operators can export or delete their account directly from Settings.

06

Never sold to advertisers

We never sell or rent your identifiable personal, health, or behavioral data, and it is never shared with advertisers or data brokers. Identifiable data is used only to run the service, when you direct us to, or when the law requires it. With explicit consent and strict safeguards, de-identified and aggregated data may support approved scientific and clinical research that advances brain-injury care. Every case is spelled out in our Privacy Policy.

Frameworks we design against
01HIPAA
02FERPA
03GDPR

We design against the framework that applies to each deployment. Frameworks listed are those informing current architecture and planned international expansion.

Questions

Answered plainly. 

Under NDA

Deeper architectural detail, for qualified partners.