Security & trust
You're entrusting us with your family's most sensitive documents. Here's how we protect them.
Encryption at rest
All documents are envelope-encrypted with AES-256-GCM. The data-encryption key (DEK) is wrapped by a per-household KMS key. If S3 leaks, ciphertext alone is useless.
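The envelope scheme described above, written out as an added example (not the service's own code): a fresh AES-256-GCM data-encryption key per document, the document's household and id bound as associated data, and the DEK wrapped by a per-household key. The `fakeKMS` type, the household and document ids, and the sample document are constructed stand-ins; a real deployment would call the KMS wrap/unwrap API and never hold the household key in process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is what would be stored in the object store: the wrapped DEK travels
// with the ciphertext, so a copy of the object alone cannot be decrypted.
type Envelope struct {
	HouseholdID string
	WrappedDEK  []byte // DEK encrypted under the household key (stand-in for a KMS wrap)
	Nonce       []byte
	Ciphertext  []byte // AES-256-GCM output with the auth tag appended
}

// fakeKMS is an in-memory stand-in for a KMS holding one key-encryption key (KEK)
// per household. Constructed for this example; not a real KMS client.
type fakeKMS struct {
	keks map[string][]byte
}

func newFakeKMS() *fakeKMS { return &fakeKMS{keks: map[string][]byte{}} }

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// CreateHouseholdKey provisions a fresh 256-bit KEK for one household.
func (k *fakeKMS) CreateHouseholdKey(household string) { k.keks[household] = randomBytes(32) }

// Wrap encrypts a DEK under the household's KEK. The household id is bound as
// associated data so a wrapped DEK cannot be replayed under another household.
func (k *fakeKMS) Wrap(household string, dek []byte) ([]byte, error) {
	kek, ok := k.keks[household]
	if !ok {
		return nil, errors.New("no KEK for household")
	}
	aead, err := gcm(kek)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, dek, []byte(household))...), nil
}

// Unwrap recovers the DEK; it fails if the KEK is missing, wrong, or the blob was altered.
func (k *fakeKMS) Unwrap(household string, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[household]
	if !ok {
		return nil, errors.New("no KEK for household")
	}
	aead, err := gcm(kek)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(wrapped) < ns {
		return nil, errors.New("wrapped DEK too short")
	}
	return aead.Open(nil, wrapped[:ns], wrapped[ns:], []byte(household))
}

// EncryptDocument generates a one-document DEK, seals the plaintext with it, then
// wraps the DEK under the household key and discards the plaintext DEK.
func EncryptDocument(kms *fakeKMS, household, docID string, plaintext []byte) (*Envelope, error) {
	dek := randomBytes(32) // AES-256 key used for exactly this document
	aead, err := gcm(dek)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	ct := aead.Seal(nil, nonce, plaintext, []byte(household+"/"+docID))
	wrapped, err := kms.Wrap(household, dek)
	if err != nil {
		return nil, err
	}
	for i := range dek {
		dek[i] = 0 // plaintext DEK is no longer needed once wrapped
	}
	return &Envelope{HouseholdID: household, WrappedDEK: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptDocument unwraps the DEK through the household key and opens the ciphertext.
func DecryptDocument(kms *fakeKMS, docID string, env *Envelope) ([]byte, error) {
	dek, err := kms.Unwrap(env.HouseholdID, env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	aead, err := gcm(dek)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.HouseholdID+"/"+docID))
}

func main() {
	kms := newFakeKMS()
	kms.CreateHouseholdKey("household-42") // constructed id
	env, err := EncryptDocument(kms, "household-42", "directive.pdf", []byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	pt, _ := DecryptDocument(kms, "directive.pdf", env)
	fmt.Printf("decrypted: %s\n", pt)
	// Model the "object store leaks" case: the attacker holds the envelope but not the household key.
	delete(kms.keks, "household-42")
	_, err = DecryptDocument(kms, "directive.pdf", env)
	fmt.Println("without the household key:", err)
}
```

Binding `household/docID` as associated data means an envelope copied between households or renamed to another document id fails authentication, which is the tenant-isolation property the per-household key is meant to give.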
Encryption in transit
TLS 1.3 across every edge, with HSTS preload. Internal service-to-service traffic stays inside the VPC.
MFA + passkeys
TOTP is mandatory for Principal accounts. WebAuthn / passkey support is recommended. SMS is a fallback only.
Audit log on every action
Every sensitive mutation writes an append-only audit record with actor, IP, user-agent, and timestamp.
SOC 2 + HIPAA aware
SOC 2 Type I planned for end of 2026, Type II by Q3 2027. BAAs in place with infrastructure providers for healthcare directives.
Principle of least privilege
Row-level scoping by household. Service accounts are scoped to a single bucket prefix. Zero standing access to production data for engineers.