Security

Protecting Your Data and Privacy

Your Security is Our Priority: We implement industry-leading security measures to protect your sensitive mental health information.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the TLS protocol.

At Rest

Your data is encrypted in our databases using AES-256 encryption, a military-grade encryption standard trusted worldwide.

Authentication & Access Control

  • Secure Password Storage: Passwords are hashed using bcrypt with salt
  • JWT Tokens: Secure token-based authentication
  • Session Management: Automatic timeout after inactivity
  • Two-Factor Authentication: Optional 2FA for enhanced security
  • Role-Based Access: Strict access controls for our team

HIPAA Compliance

As a mental health platform, we comply with the Health Insurance Portability and Accountability Act (HIPAA):

  • Administrative Safeguards: Security policies, workforce training, incident response
  • Physical Safeguards: Secure data centers, environmental controls, device security
  • Technical Safeguards: Encryption, access controls, audit logs, integrity controls

Infrastructure Security

Hosting

Our infrastructure is hosted on secure, HIPAA-compliant cloud platforms with:

  • 24/7 monitoring and intrusion detection
  • Redundant backups across multiple geographic locations
  • Automatic security updates
  • DDoS protection

Network Security

  • Firewalls and network segmentation
  • Regular penetration testing
  • Vulnerability scanning
  • Security information and event management (SIEM)

Data Privacy

  • No Third-Party Sharing: We never sell or share your data with third parties for marketing
  • Minimal Data Collection: We only collect what's necessary to provide our service
  • Data Retention: Clear policies on how long we keep your data
  • Right to Deletion: You can request deletion of your account and data at any time

Incident Response

In the unlikely event of a security breach:

  • We will notify affected users within 72 hours
  • We maintain detailed incident response procedures
  • We work with cybersecurity experts to contain and resolve incidents
  • We conduct thorough post-incident reviews

Your Role in Security

You can help keep your account secure by:

  • Using a strong, unique password
  • Enabling two-factor authentication
  • Not sharing your login credentials
  • Logging out on shared devices
  • Reporting suspicious activity immediately

Report a Security Issue

If you discover a security vulnerability, please report it responsibly to:

📧 security@wellnessneha.com

Please do not publicly disclose security issues until we've had a chance to address them.

Questions?

For security-related questions, contact our security team at security@wellnessneha.com.