Encryption
Your records are encrypted in transit using modern TLS, and encrypted at rest on our infrastructure. Sensitive fields receive additional protection so that your health data is never sitting around in the clear.
Passwordless sign-in
RecordKeeper uses magic-link sign-in — there is no password to be guessed, reused, or leaked in a breach. On your devices, you can add a passcode and Face ID so the app stays locked behind your own biometrics.
Access controls
Your chart is private by default. Nothing is shared unless you explicitly grant it, and every share is scoped, revocable, and logged so you always know who can see what.
How the AI handles your data
The assistant works on your own records to answer your questions and generate recaps and reports. Your health data is not used to train advertising models or shared to build anyone else’s product.
Practices & infrastructure
We follow HIPAA-aligned practices and the principle of least privilege — access to systems is limited, audited, and granted only when needed to operate and support the service.
A note on “HIPAA certified”
There is no such thing as being “HIPAA certified” — it isn’t a certification anyone can hold, and any app claiming it isn’t being straight with you. What we can honestly say is that RecordKeeper is built on HIPAA-aligned practices: encryption, access controls, and careful data handling.
Responsible disclosure
If you believe you’ve found a security issue, please email security@recordkeeperapp.com. We read every report and take each one seriously.