Security

PlateHelix handles sensitive household and health information. Here is how we protect it.

Authentication

Accounts use email and password authentication with secure session management. Forgot-password and email verification flows protect against account takeover.

Authorization

Row-level security policies scope every database read and write to your household. Adult-member privacy modes prevent exposure of detailed health data to other household members.

Data at rest

Documents are stored in private object storage. Database access requires authenticated sessions. Service-role credentials never leave the server runtime.

Data in transit

All client/server traffic uses TLS.

Logging

Sensitive values — raw lab numbers, document contents, chat content — are never written to operational logs. We log only job IDs, statuses, providers, token counts, and redacted metadata.

AI processing

AI calls are made server-side using configured providers. API keys remain on the server. We send only the context required to fulfill each request.

Reporting an issue

If you find a security issue, please contact us privately rather than disclosing publicly.

Last updated May 13, 2026.