Security at LookAfter
LookAfter handles some of the most sensitive information people have: their health data and their family’s health history. Here is how we look after it.
Overview
We design our systems so that your data is:
- encrypted in transit and at rest,
- access-controlled at the database and application levels,
- minimized and monitored on the infrastructure we use.
These practices draw on common security frameworks such as the HIPAA Security Rule, SOC 2 control families, and OWASP ASVS recommendations.
Encryption
- In transit: All connections to our backend are protected with HTTPS/TLS 1.2+. We do not support unencrypted HTTP for API traffic.
- At rest: Data stored in our PostgreSQL database (Neon) is encrypted at rest using industry-standard encryption mechanisms (e.g., AES-256 at the storage layer).
- Secrets: API keys and credentials (for example, Google Cloud service accounts) are stored in environment variables or secret managers, not in code or client apps.
Authentication & account security
- Passwords: We use modern password hashing (e.g., Argon2id) with appropriate parameters and rehashing on login when needed. Plaintext passwords are never stored.
- Sessions & tokens: We use short-lived JWT access tokens plus rotating refresh tokens stored in httpOnly, secure cookies. Refresh tokens are hashed in our database.
- Login protection: We rate-limit login attempts and can temporarily lock accounts after too many failed attempts, reducing the risk of brute-force attacks.
- Optional extra security: As we grow, we plan to add additional protections such as two-factor authentication (2FA) where appropriate.
On your side, we encourage you to use a strong, unique password and keep your device locked, especially if you share devices at home.
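The two storage patterns described above, rehash-on-login for passwords and hashed rotating refresh tokens, shown as an added example that is not LookAfter's code. It assumes a self-describing hash string of the form `$scrypt$n$r$p$salt$digest`, uses `hashlib.scrypt` as a stand-in for Argon2id (which is not in the Python standard library; the upgrade logic is identical), and keeps token rows in an in-memory dictionary in place of the real database.

```python
"""Password hashing with parameter upgrade, and refresh-token rotation with
reuse detection. Added example; scrypt stands in for Argon2id."""
import base64
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Current cost policy. Raising these values later is what makes older
# stored hashes eligible for rehashing on the next successful login.
CURRENT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, params: Optional[dict] = None) -> str:
    """Return a self-describing string: $scrypt$n$r$p$salt$digest (assumed format)."""
    p = params or CURRENT_PARAMS
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=p["n"], r=p["r"], p=p["p"], dklen=32)
    return f"$scrypt${p['n']}${p['r']}${p['p']}${_b64(salt)}${_b64(digest)}"


def _parse(stored: str):
    _, alg, n, r, p, salt, digest = stored.split("$")
    if alg != "scrypt":
        raise ValueError("unsupported hash algorithm")
    return ({"n": int(n), "r": int(r), "p": int(p)},
            base64.b64decode(salt), base64.b64decode(digest))


def verify_password(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, new_hash). new_hash is set only when the stored hash used
    weaker-than-current parameters, so the caller replaces it after login."""
    params, salt, expected = _parse(stored)
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=params["n"], r=params["r"], p=params["p"], dklen=32)
    if not hmac.compare_digest(candidate, expected):   # constant-time compare
        return False, None
    needs_rehash = any(params[k] < CURRENT_PARAMS[k] for k in CURRENT_PARAMS)
    return True, (hash_password(password) if needs_rehash else None)


@dataclass
class RefreshStore:
    """Stand-in for the refresh-token table: only SHA-256 hashes are kept."""
    rows: dict = field(default_factory=dict)          # token_hash -> row
    revoked_families: set = field(default_factory=set)


def _token_hash(raw: str) -> str:
    return hashlib.sha256(raw.encode()).hexdigest()


def issue_refresh_token(store: RefreshStore, user: str, family: Optional[str] = None) -> str:
    """Mint a random token, store only its hash, return the raw value for the cookie."""
    raw = secrets.token_urlsafe(32)
    store.rows[_token_hash(raw)] = {"user": user,
                                    "family": family or secrets.token_hex(8),
                                    "used": False}
    return raw


def rotate_refresh_token(store: RefreshStore, raw: str) -> Optional[str]:
    """Exchange a refresh token for a new one. A token presented twice means
    a copy leaked, so the whole rotation chain (family) is revoked."""
    row = store.rows.get(_token_hash(raw))
    if row is None or row["family"] in store.revoked_families:
        return None
    if row["used"]:
        store.revoked_families.add(row["family"])
        return None
    row["used"] = True
    return issue_refresh_token(store, row["user"], row["family"])
```

`verify_password` deliberately recomputes with the parameters embedded in the stored string rather than the current policy; that is what lets a cost increase roll out gradually as users log in, with no mass re-encryption step.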
Access control & data isolation
- Row-level isolation: Each user’s records (profile, logs, analyses, chat, family tree) are scoped by user ID and, where relevant, family tree ID. Our queries are written to prevent cross-user access; one user cannot read another user’s data by default.
- Family sharing: When family members join a Family Circle, they only see information they have been granted access to through the family tree model. Cross-family access is not allowed at the SQL layer.
- Internal access: Access to production data by staff is strictly limited to roles that need it (for example, infrastructure operators). Access is logged and monitored.
These measures align with the standard least-privilege and access-control practices found in SOC 2-audited and HIPAA-aligned environments.
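The scoping rules from the two bullets above (records scoped by user ID, sharing only within a Family Circle), as an added example that is not LookAfter's code. It assumes a simplified schema with `users`, `family_trees`, `family_members` and `health_logs` tables and uses in-memory SQLite in place of PostgreSQL; the sample rows are constructed. Every query takes the caller's user ID and carries the ownership or membership predicate in the SQL itself, so a record ID guessed from another account returns nothing.

```python
"""Row-level scoping enforced in every query. Added example with an assumed
schema and constructed data; SQLite stands in for PostgreSQL."""
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE family_trees (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE family_members (tree_id INTEGER NOT NULL, user_id INTEGER NOT NULL,
                             PRIMARY KEY (tree_id, user_id));
CREATE TABLE health_logs (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL,
                          tree_id INTEGER, note TEXT NOT NULL,
                          shared_with_family INTEGER NOT NULL DEFAULT 0);
"""


def open_db() -> sqlite3.Connection:
    """Create the schema and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.executemany("INSERT INTO family_trees VALUES (?, ?)",
                     [(10, "Smith"), (20, "Jones")])
    conn.executemany("INSERT INTO family_members VALUES (?, ?)",
                     [(10, 1), (10, 2), (20, 3)])
    conn.executemany(
        "INSERT INTO health_logs (owner_id, tree_id, note, shared_with_family) "
        "VALUES (?, ?, ?, ?)",
        [(1, 10, "alice private", 0),
         (1, 10, "alice shared with Smith circle", 1),
         (2, 10, "bob private", 0),
         (3, 20, "carol shared with Jones circle", 1)])
    return conn


def get_log(conn, caller_id: int, log_id: int):
    """Fetch one log by ID, but only if the caller owns it.
    The owner_id predicate is part of the query, not a check done afterwards."""
    return conn.execute(
        "SELECT id, note FROM health_logs WHERE id = ? AND owner_id = ?",
        (log_id, caller_id)).fetchone()


def visible_logs(conn, caller_id: int):
    """Everything the caller may see: own records plus records explicitly
    shared into a Family Circle the caller belongs to."""
    rows = conn.execute("""
        SELECT h.id, h.note FROM health_logs h
        WHERE h.owner_id = ?
           OR (h.shared_with_family = 1
               AND h.tree_id IN (SELECT tree_id FROM family_members WHERE user_id = ?))
        ORDER BY h.id""", (caller_id, caller_id)).fetchall()
    return [note for _, note in rows]


def family_member_names(conn, caller_id: int, tree_id: int):
    """List a Family Circle's members only when the caller is itself a member;
    a non-member gets an empty result rather than an error that confirms the tree exists."""
    rows = conn.execute("""
        SELECT u.name FROM users u
        JOIN family_members m ON m.user_id = u.id
        WHERE m.tree_id = ?
          AND EXISTS (SELECT 1 FROM family_members me
                      WHERE me.tree_id = m.tree_id AND me.user_id = ?)
        ORDER BY u.name""", (tree_id, caller_id)).fetchall()
    return [name for (name,) in rows]
```

Keeping the caller ID as a mandatory parameter of every data-access function, rather than an optional filter, is what makes the "no cross-user access by default" property hold: there is no code path that reads a row without stating whose row it is allowed to be.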
Infrastructure & vendors
We run LookAfter on infrastructure and AI services that offer strong security guarantees:
- Database: Neon PostgreSQL with encryption at rest and secure connectivity.
- AI models: Google Cloud’s Vertex AI (Gemini models), which runs in Google’s secured cloud environment with its own security and compliance posture.
- Hosting: A modern cloud platform (e.g., Render/Railway) with managed security patches, TLS termination, and network isolation.
- Other subprocessors: Email providers (for transactional emails), error tracking, logging/monitoring, and analytics tools where used.
We maintain a Subprocessors section listing the core vendors we rely on and what data they process, similar to how other SaaS providers document their subprocessors on their trust pages.
Backups & reliability
- Backups: Our primary database is backed up on a regular schedule so we can recover from infrastructure failures or accidental data loss.
- Retention: Backups are retained for a limited time window and are encrypted at rest.
- Testing: We periodically verify that backups can be restored.
These practices support availability and integrity requirements found in frameworks like SOC 2 and the HIPAA Security Rule.
Monitoring & incident response
- Monitoring: We use structured logging and monitoring to detect unusual errors or performance issues in our API.
- Incident response: If we ever discover a security incident that materially affects your data, we will investigate, contain, and remediate it as quickly as possible. Where legally required, we will notify affected users and relevant authorities within the applicable timelines.
For researchers: If you believe you have found a vulnerability, please email us at office@lookafterai.health. We support responsible disclosure and will work with you to address valid issues.
Guidance on timely breach notification and response comes from frameworks like GDPR, HIPAA, and common security best practices.
Compliance posture
We are working to align our controls with commonly recognized frameworks, including:
- SOC 2 Type II style controls for security and availability,
- HIPAA Security Rule safeguards for health-related data where applicable,
- OWASP ASVS guidance for secure API and application design.
At this stage, LookAfter is not a covered entity or certified HIPAA provider and does not claim formal HIPAA or SOC 2 certification. As we grow and begin to work with insurers, employers, or clinicians, we plan to formalize this posture and may enter into Business Associate Agreements (BAAs) with relevant partners.
Your role in keeping things safe
Security is a shared responsibility. You can help protect your data by:
- Choosing a strong, unique password for LookAfter.
- Keeping your phone and other logged-in devices locked with a PIN, biometric, or password.
- Not sharing your verification codes or passwords with others.
- Installing OS and app updates promptly to benefit from security fixes.
If you ever suspect unauthorized access to your account, please reset your password and contact us immediately at office@lookafterai.health.