Security & privacy
Your energy data is yours. Here's exactly how we protect it.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database backups are encrypted and stored in isolated regions.
Row-level security, in plain English
Every row in our database carries a user ID. Database rules — enforced at the database level, not just in app code — make it impossible for one account to read another account's check-ins, reflections, medications, or AI conversations. Even our admin tools cannot bypass this for individual records without explicit, audited intent.
Account deletion
Deleting your account purges every related row: profile, daily check-ins, evening reflections, medications, wearable imports, AI conversations, buddy links, email logs, and subscription records. This is irreversible and happens within minutes, not days.
What we never do
- Sell your data. Ever. To anyone.
- Share identifiable data with insurers, employers, or advertisers.
- Use your check-ins to train public AI models.
- Track you across other sites with our cookies.
What Myelina sees
Our AI agent (Myelina) processes your data through privacy-respecting model providers under strict contracts. Prompts and responses are not retained for training. We only send the minimum context required to give you a useful pattern observation.
Compliance posture
Myelina Health is built to align with GDPR (EU/UK) and CCPA (California). We are not a HIPAA-covered entity — we are a wellness tool, not a medical device — and our architecture follows privacy-first data-minimization and access-control principles.
Reporting a vulnerability
Email security@myelina.health with details. We respond within 48 hours and credit responsible disclosure in our changelog.