Security & privacy

    Your energy data is yours. Here's exactly how we protect it.

    Encryption

    All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database backups are encrypted and stored in isolated regions.

    Row-level security, in plain English

    Every row in our database carries a user ID. Database rules — enforced at the database level, not just in app code — make it impossible for one account to read another account's check-ins, reflections, medications, or AI conversations. Even our admin tools cannot bypass this for individual records without explicit, audited intent.

    Account deletion

    Deleting your account purges every related row: profile, daily check-ins, evening reflections, medications, wearable imports, AI conversations, buddy links, email logs, and subscription records. This is irreversible and happens within minutes, not days.

    What we never do

    • Sell your data. Ever. To anyone.
    • Share identifiable data with insurers, employers, or advertisers.
    • Use your check-ins to train public AI models.
    • Track you across other sites with our cookies.

    What Myelina sees

    Our AI agent (Myelina) processes your data through privacy-respecting model providers under strict contracts. Prompts and responses are not retained for training. We only send the minimum context required to give you a useful pattern observation.

    Compliance posture

    Myelina Health is built to align with GDPR (EU/UK) and CCPA (California). We are not a HIPAA-covered entity — we are a wellness tool, not a medical device — and our architecture follows privacy-first data-minimization and access-control principles.

    Reporting a vulnerability

    Email security@myelina.health with details. We respond within 48 hours and credit responsible disclosure in our changelog.