Security
The specific things we do to protect your family's data.
Last updated 2026-05-03
KeptWell holds some of the most sensitive information a family ever shares: diagnoses, scans, conversations with doctors, voice recordings, private chat. Here is what protects it, in detail. If anything below is unclear, email security@keptwell.org.
Encryption
- In transit: TLS 1.3 on every request to KeptWell.
- At rest: AES-256 on the database, applied at the field level for chat content, journal entries, audio transcripts, and patient names.
- Private AI chats: AI chat history is encrypted at rest and access-restricted to your account. Other members of your circle cannot read your chats through KeptWell.
Where your data lives
- Database: PostgreSQL on US-based infrastructure.
- Files (PDFs, images, audio): Cloudflare R2 in the United States.
- File access: every download is a signed URL that expires after 5 minutes. There are no permanent public URLs to your documents.
- Processing: all processing happens in the United States.
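To make the short-lived signed URL concrete, here is an added illustration of the pattern (not KeptWell's code, and not Cloudflare R2's own presigning, which uses S3-style request signing). It assumes a server-side HMAC-SHA256 key, a signature bound to the file path and an expiry timestamp, and the 5-minute lifetime stated above; the key and paths are constructed for the example.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical signing key. A real deployment loads this from a secrets
# manager; this constant exists only so the example runs stand-alone.
SIGNING_KEY = b"constructed-example-key-do-not-use"
TTL_SECONDS = 300  # 5 minutes, the lifetime the page describes


def _signature(key: bytes, path: str, expires: int) -> str:
    """HMAC over the object path and the expiry so neither can be swapped."""
    message = f"{path}\n{expires}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def sign_download_url(base: str, path: str, now: Optional[int] = None,
                      key: bytes = SIGNING_KEY) -> str:
    """Return a URL for `path` that is valid for TTL_SECONDS from `now`."""
    now = int(time.time()) if now is None else now
    expires = now + TTL_SECONDS
    sig = _signature(key, path, expires)
    return f"{base}{path}?{urlencode({'expires': expires, 'sig': sig})}"


def verify_download_url(url: str, now: Optional[int] = None,
                        key: bytes = SIGNING_KEY) -> bool:
    """Accept only an unexpired URL whose signature matches path + expiry."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, IndexError, ValueError):
        return False          # missing or malformed parameters
    if now >= expires:
        return False          # expired: the link is dead after 5 minutes
    expected = _signature(key, parsed.path, expires)
    # Constant-time comparison so signature checks do not leak timing.
    return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed fixed clock for a repeatable demo
    url = sign_download_url("https://files.example", "/circle/abc/scan.pdf", now=issued_at)
    print(url)
    print("valid at t+299s:", verify_download_url(url, now=issued_at + 299))
    print("valid at t+300s:", verify_download_url(url, now=issued_at + 300))
```

Two properties matter here: the signature covers the path, so a valid link for one document cannot be rewritten to fetch another, and the expiry is inside the signed message, so a client cannot extend its own deadline.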
Who can see what
Care circles are isolated. A document uploaded in one circle is not visible to any user in any other circle, ever.
Two roles per circle: admin (manages uploads, invitations, members) and member (view, comment, chat).
Your private notes and your AI chat are private to you, even inside a shared circle.
Sensitive fields are encrypted at rest. KeptWell staff cannot read them through the application; access is limited to the small number of operators with production database and key-management credentials, and only for incident response or with your explicit consent. We can see metadata (account email, when you logged in, how many uploads you have) for support and billing.
AI handling and HIPAA
KeptWell's AI uses Anthropic's Claude API under a signed Business Associate Agreement (BAA). Anthropic is HIPAA-compliant for the API tier we use, and they are contractually prohibited from training on any data we send.
When you ask the AI a question, only the documents and notes it needs to answer go to Claude, not your full medical record.
For web research, the AI can search and read pages on a curated allowlist of clinical sources (NIH, NCI, PubMed, major academic medical centers, ACS). It cannot send your personal information to a search engine. A system-level prompt prevents it, and a separate audit step checks every outbound query for accidental leakage.
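As an added example of the two controls named above, the source allowlist and the outbound audit step, here is an illustrative audit function (not KeptWell's implementation). It assumes a small set of allowlisted domains standing in for the curated clinical sources, a list of protected terms drawn from the circle's context such as patient names, and a few generic identifier patterns; all of these values are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List
from urllib.parse import urlparse

# Constructed allowlist; a real one would enumerate the curated clinical
# sources the page mentions. Matching is by host suffix so subdomains such
# as pubmed.ncbi.nlm.nih.gov are covered by nih.gov.
ALLOWED_HOST_SUFFIXES = ("nih.gov", "cancer.gov", "cancer.org")

# Illustrative patterns for values that should never leave the system in a
# research query. They are deliberately simple and not exhaustive.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\b\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass
class AuditResult:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def host_allowed(url: str) -> bool:
    """True only when the destination host is on the curated allowlist."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def audit_outbound(url: str, query: str, protected_terms: Iterable[str]) -> AuditResult:
    """Block a research request if it targets a non-allowlisted host or if the
    query carries a protected term or an identifier-like value."""
    result = AuditResult(allowed=True)
    if not host_allowed(url):
        result.allowed = False
        result.reasons.append(f"host not on allowlist: {urlparse(url).hostname}")
    lowered = query.lower()
    for term in protected_terms:
        if term and term.lower() in lowered:
            result.allowed = False
            result.reasons.append(f"protected term present: {term}")
    for name, pattern in PII_PATTERNS.items():
        if pattern.search(query):
            result.allowed = False
            result.reasons.append(f"{name}-like value present")
    return result


if __name__ == "__main__":
    # Constructed circle context: the patient's name must never be sent out.
    protected = ["Maria Alvarez"]
    ok = audit_outbound("https://pubmed.ncbi.nlm.nih.gov/",
                        "stage II colon cancer adjuvant chemotherapy options", protected)
    leak = audit_outbound("https://pubmed.ncbi.nlm.nih.gov/",
                          "Maria Alvarez stage II colon cancer", protected)
    print("clinical query:", ok)
    print("query with patient name:", leak)
```

The audit runs independently of the prompt-level instruction: even if the model ignores or misreads the system prompt, a request that names a patient or targets a host outside the allowlist is rejected before it leaves the service, and the reasons list gives the operator something concrete to log.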
Subprocessors
We use a small number of vendors to run KeptWell. Each has a contract in place that limits what they can do with your data:
- Anthropic: AI processing (BAA, no training on data).
- Cloudflare R2: encrypted file storage (US region).
- Sentry: error reporting (identifying details scrubbed before transmission).
- Resend: transactional email (sign-in links, notifications).
- Database and application hosting: US-based, HIPAA-eligible infrastructure.
Compliance status
- HIPAA-aligned architecture and BAA coverage of the AI provider.
- We are not currently HITRUST-certified.
- We are not a HIPAA-covered entity ourselves; we are a business associate when we handle data on behalf of a family.
What we ask of you
- Use a strong, unique password.
- Don't share your account login. Invite family members to your circle instead. That's what circles are for.
- Lock your phone. KeptWell is only as secure as the device you're signed in on.
If something goes wrong
Vulnerability reports: email security@keptwell.org. We respond within one business day.
Want the plain-English version of how we handle your data?
See your data, in plain English →