Your Health Data Security

We take the security of your health information seriously. Here's exactly how we protect your data — no marketing buzzwords, just the truth.

Encrypted Data Storage

Your health data is stored in an encrypted PostgreSQL database with TLS connections. All data in transit is protected with HTTPS/TLS encryption.

  • TLS-encrypted database connections
  • HTTPS for all data in transit
  • Encrypted connection strings
  • Secure cloud-hosted infrastructure

Secure Authentication

Industry-standard authentication with bcrypt password hashing, JWT session tokens, and secure password reset via email with time-limited tokens.

  • bcrypt password hashing (12 salt rounds)
  • JWT-based session management (30-day expiry)
  • Secure password reset with 1-hour token expiry
  • Email enumeration prevention

Privacy by Design

We collect only the data you explicitly provide. Your health information is never sold or shared with third parties. You control your data.

  • No third-party data sharing
  • Minimal data collection
  • Full data export available
  • Account deletion support via contact form

Reliable Infrastructure

Hosted on modern cloud infrastructure with automated backups and monitoring to keep your health data safe and available.

  • Cloud-hosted with automated backups
  • Server-side rendering for security
  • API route authentication checks
  • Environment variable secret management

Data Governance

Clear data handling policies, user-accessible data export, and transparent privacy practices. Your data belongs to you.

  • Full JSON data export
  • Clear data retention policies
  • Transparent privacy policy
  • User rights and data portability

Access Controls

Every API route verifies authentication before processing requests. Users can only access their own data — no cross-user data exposure.

  • Server-side session verification
  • User-scoped database queries
  • Protected API endpoints
  • Secure route middleware

Our Commitment to Transparency

What We Do

  • Encrypt all database connections with TLS
  • Hash passwords with bcrypt (industry standard)
  • Verify authentication on every API request
  • Scope all data queries to the authenticated user
  • Allow full data export at any time
  • Never sell or share your health data

Important Disclaimers

  • DiabetesTracker Pro is not a medical device
  • This app does not replace professional medical advice
  • Always consult your healthcare provider for medical decisions
  • AI food analysis provides estimates, not exact measurements

Questions about security?

If you have concerns about how your data is handled, we're happy to answer.

Contact Us