Trust Center

This page is maintained by My Health Passport to answer common security and privacy questions. It describes the safeguards enabled today; it is not an independent certification.

Access & authentication

  • Email/password and Google sign-in.
  • Role-based access (patient, practitioner, manufacturer, admin) enforced by row-level security.
  • Configurable session inactivity timeout with re-authentication before Export and Tap-to-share.
  • Optional MFA-required flag per account.

Data protection

  • All traffic is HTTPS/TLS.
  • Database encryption at rest is provided by our hosting platform.
  • Additional application-layer AES-256-GCM encryption for the most sensitive PHI fields (date of birth, diagnoses, free-text notes).
  • Automatic PHI scrubbing in logs, error traces, and AI agent inputs/outputs.

Auditability

  • Unified PHI access log covering reads, writes, exports, shares, and handoffs.
  • Immutable audit trail for share-token use and practitioner activity.
  • Anomaly detection for bulk exports, off-hours access, repeated failures, and wide practitioner sweeps.

Your rights

  • Download a complete copy of your data at any time.
  • Request permanent account and data deletion from Account & data.
  • Revoke any active share link from your profile.

Incidents & disclosures

Suspected security issues or privacy concerns can be reported to security@myhealth.app. We will acknowledge reports within one business day.