Built secure from the ground up
Health data is among the most sensitive data that exists. We treat it that way — with multiple layers of protection and a minimal attack surface.
Device-level encryption
Your health database uses AES-256 encryption. The key is derived from your device biometrics or passcode using the OS secure enclave — meaning even we cannot access your data.
Local-first architecture
The app makes no outbound network requests during normal operation. No health data leaves your device unless you explicitly trigger a sync or export action.
End-to-end encrypted sync
When you enable iCloud sync, data is encrypted client-side before upload using keys derived from your Apple ID. Our servers store only ciphertext — we cannot read your synced data.
No third-party SDKs with data access
We do not include advertising SDKs, third-party analytics that access health content, or social login SDKs that could exfiltrate your session data.
Minimal permissions
Medical Companion requests only the permissions it needs: local notifications for dose reminders and HealthKit write (if you choose to enable it). No contacts, no microphone, no camera.
Secure FHIR export
FHIR R4 export bundles are generated entirely on-device and shared directly via the iOS share sheet. They are never routed through our servers.
Responsible disclosure
If you discover a security vulnerability in Medical Companion, we ask that you report it to us privately before public disclosure. We will acknowledge your report within 48 hours, investigate thoroughly, and keep you informed of our progress.
Contact security team