Security at KeptWell

Sensitive fields are encrypted at rest. That includes chat messages, API keys, and other fields that should never be readable from a database backup. Everything else lives in PostgreSQL with strict access controls.

All traffic to and from KeptWell uses TLS in transit. File uploads (scans, PDFs, audio recordings) are stored on Cloudflare R2 and served via signed expiring URLs — by default a link is valid for five minutes. There are no permanent public URLs for your files.

Every piece of data is scoped to a care circle. A circle is a private space for one patient and the family members invited to help. There is no cross-circle data bleed; users explicitly switch between circles, and data does not leak across them.

Within a circle there are two roles — admin and member. Admins manage uploads and invitations. Members view, comment, and use chat.

AI chat history is private per user. Even within the same circle, your conversations are not visible to other members.

We use Anthropic's Claude API for document understanding and chat. Anthropic provides a Business Associate Agreement (BAA) covering HIPAA, so protected health information stays inside that perimeter — your data is not used to train third-party models.

When chat needs to consult outside sources, web search and web fetch are constrained to a curated allowlist of medical domains, so research is grounded in reputable sources rather than the open web.

PHI hygiene is enforced by a system prompt that instructs the model never to send identifying information to external tools, and a post-hoc audit checks model output for accidental leakage.

KeptWell is built on Rails, PostgreSQL, and Sidekiq. We use UUID primary keys and timezone-aware timestamps throughout. Development, staging, and production environments are isolated.

Dependencies are kept current and security-scanned. Every change is reviewed and runs through static analysis (rubocop, brakeman) and a full test suite before it ships.

We are still drafting our formal incident response process. When it's published, it will live here. In the meantime, anything you spot or worry about — email us and we will respond.

For security questions, vulnerability reports, or anything you want a real human to look at:

[email protected]