Security

Your Data Security Is Our Top Priority

We use industry-leading security practices to protect your sensitive health information at every step.

How We Protect Your Data

At MyMedicalCabinet, we understand that your health information is deeply personal. That's why we've built our platform with security at its core, using the same technologies trusted by banks and healthcare organizations worldwide.

Encryption at Rest

All data stored in our database is encrypted using AES-256 encryption, the same standard used by government agencies. Your information is unreadable without proper authentication.

MongoDB Atlas, AES-256

Encryption in Transit

All data transmitted between your device and our servers is protected with TLS 1.3 encryption. This prevents anyone from intercepting your information while it's being sent.

HTTPS, TLS 1.3

Secure Authentication

Your password is never stored in plain text. We use bcrypt hashing with salt to ensure that even if our database were compromised, your password would remain protected.

JWT Tokens, bcrypt

Rate Limiting

We protect against brute-force attacks and abuse by limiting the number of requests that can be made to our servers. This keeps your account safe from automated attacks.

API Protection, DDoS Prevention

Client-Side Processing

When you scan your insurance card, the image processing happens entirely on your device. The actual image never leaves your phone—only the extracted text is sent to our servers.

Local OCR, Privacy by Design

Secure Document Storage

Medical documents you upload are stored in AWS S3 with server-side encryption. Access is controlled through secure, time-limited URLs that only you can generate.

AWS S3, Presigned URLs

Our Security Practices

Regular Security Updates

We keep all our systems and dependencies updated to protect against known vulnerabilities.

Input Validation

All user inputs are validated and sanitized to prevent injection attacks and data corruption.

Secure Environment Variables

All sensitive credentials and API keys are stored as encrypted environment variables, never in code.

Access Control

Each user can only access their own data. All API requests are authenticated and authorized.

Have Security Questions?

We take security seriously and are happy to answer any questions you may have about how we protect your data.
