Security and Encryption


At Health Connect AI, we take the security and privacy of your data very seriously. We fully understand the trust you are giving us to store your information. That trust is based upon us keeping that data both private and secure. The information on this page is intended to provide transparency about how we protect that data. We will continue to expand and update this information as we add new security capabilities and make security improvements to our products.

Product Security

Securing our Internet-facing web service is critically important to protecting your data. Our software team drives an application security program to improve code security hygiene and constantly check our service for common application security issues including: CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking.

We have gone beyond the norm and have embedded additional privacy measures directly into the design and architecture of our application. We encrypt every field that personally identifies you, your accounts and your passwords. As a result, your personal data stays encrypted and protected at all times. We have taken additional steps to ensure that even our software developers and support staff are unable to view your data.

We never receive a copy of your password or encryption key and don’t use any escrow mechanism to recover your encrypted data. This means that if you forget your password, we cannot recover your data.

Password Security

Health Connect AI never stores your password in plaintext. When we need to securely store your account password to authenticate you, we use PBKDF2 (Password Based Key Derivation Function 2) with a unique salt for each credential. We select the number of hashing iterations in a way that strikes a balance between user experience and password cracking complexity.

We protect you further by requiring passwords of at least 8 characters. We maintain a list of the 10,000 top passwords and won't allow you to select a password that appears in this list.
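The storage and policy checks described in this section can be sketched as follows. This is an added example, not Health Connect AI's code: the hash function, iteration count, salt size, record format and the four-entry blocklist are assumptions, since the page states only PBKDF2, a unique salt per credential, the 8-character minimum and a 10,000-entry list.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed parameters: the page gives no hash function, iteration count or salt size.
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
MIN_LENGTH = 8  # from the page
SCHEME = f"pbkdf2_{ALGORITHM}"

# Constructed stand-in for the 10,000-entry common-password list.
COMMON_PASSWORDS = frozenset({"password", "12345678", "qwertyuiop", "iloveyou1"})

def check_policy(password: str) -> Optional[str]:
    """Return a rejection reason, or None if the password is acceptable."""
    if len(password) < MIN_LENGTH:
        return "too short"
    # Case-insensitive matching is an assumption; it also catches "Password".
    if password.lower() in COMMON_PASSWORDS:
        return "common password"
    return None

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a verifier with a fresh random salt; only this string is stored."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != SCHEME:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)

def needs_rehash(record: str) -> bool:
    """True when a record used fewer iterations than the current setting."""
    return int(record.split("$")[1]) < ITERATIONS
```

Storing the iteration count inside each record lets the count be raised later: a record that verifies but reports `needs_rehash` can be re-derived at the next successful login.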

Dedicated Network Security Team

Security is handled by a dedicated team within our data storage centers. Our security team’s charter is protecting the data you store in our service. A dedicated team of security experts simulates real-world attacks at the network, platform, and application layers. The result is continual improvement in the ways the servers can detect and protect against security breaches.

Resiliency and Availability

We only utilize Microsoft Azure and Amazon EC2 and S3 servers. Microsoft Azure guarantees at least 99.9% availability, and Amazon guarantees 99.99% up-time and availability.

We operate a fault tolerant system and network architecture to ensure that Health Connect AI is there when you need it, wherever you may be. This includes:

  • Diverse and redundant Internet connections.
  • Redundant network infrastructure including switches, routers, load balancers, and firewalls.
  • Scalable system architecture built using a large number of independently operating shards, each servicing a small slice of our user base.
  • Shards architected as pairs of redundant servers, providing hot standby capabilities should a single server fail.
  • Servers engineered with redundant power, redundant network hardware, and storage deployed in a RAID configuration.

Our data center provides fault tolerant facility services including: power, HVAC, and fire suppression.

Report a security issue

If you believe you’ve found a security vulnerability in a Health Connect AI application, the Health Connect AI platform, or our infrastructure that could harm Health Connect AI or anyone who uses Health Connect AI, please let us know by e-mailing details of your finding to [email protected].

Please remember our User Guidelines and don’t violate anyone’s privacy, interfere with anyone’s account, or destroy any data. Please don’t interrupt or degrade our services. And please give us a reasonable amount of time to respond before publicly disclosing your findings.

Customer Security Tips

Use a different password on Health Connect AI than any other site you log into. That way, if someone learns your password on another site, you won’t have to worry about them also being able to access your Health Connect AI account.

Avoid using simple passwords that could be looked up in a dictionary. Instead, choose a complex password that is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and special characters. Equally good is picking a phrase that is at least 20 characters long.

A password manager can make both of these easy to do. We suggest using the 1Password or LastPass applications.
