Security & privacy by design
The engineering guardrails that keep your health data yours.
The privacy page covers the promises. This page covers how they're actually enforced in the code — at a level that explains the approach without handing out a map of the locks.
Authentication and identity
Every request that touches your data is tied to you. Sessions are established at sign-in and checked on every protected endpoint, so one user can never read another's chats, vitals, or documents. Sign-in supports email/password and Google, and accounts using the same email merge cleanly rather than fragmenting your history.
Least privilege everywhere
- Permissions are scoped. Features request only the access they need — camera for a scan, a specific set of health categories, calendar only if you link it.
- Admin actions are gated. Internal tooling is protected by fine-grained scopes, so even staff access is limited to exactly what a role requires.
- Third-party access is fenced in. Outbound integrations are constrained to known, allow-listed destinations rather than "anything goes."
Defense in depth
Good security doesn't rely on a single wall. AverCare layers checks — identity, scope, validation, and allow-lists — so that if one assumption is wrong, the others still hold.
Validated at the edges
Data coming in from clients is validated against strict schemas before it's trusted. Malformed or unexpected input is rejected at the door instead of being quietly stored, which closes off a whole category of bugs and abuse.
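The schema check described above, as an added example (not AverCare's code): a small strict validator that rejects a request at the edge when a field is missing, has the wrong type, is out of range, or is a key the schema does not know. The endpoint, the field names and the ranges are constructed for illustration.

```javascript
// Added example: strict schema validation at an API edge.
// The "vitals" schema, its field names and ranges are constructed stand-ins.
const vitalsSchema = {
  type: "object",
  additionalProperties: false, // unknown keys are an error, not silently stored
  required: ["heartRate", "recordedAt"],
  properties: {
    heartRate: { type: "number", minimum: 20, maximum: 300 },
    systolic: { type: "number", minimum: 40, maximum: 300 },
    diastolic: { type: "number", minimum: 20, maximum: 200 },
    recordedAt: { type: "string", pattern: /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/ },
    note: { type: "string", maxLength: 500 },
  },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of human-readable errors; an empty list means the value conforms.
function validate(schema, value, path = "$") {
  const errors = [];
  if (schema.type === "object") {
    if (typeof value !== "object" || value === null || Array.isArray(value)) {
      return [`${path}: expected object`];
    }
    for (const key of schema.required || []) {
      if (!hasOwn(value, key)) errors.push(`${path}.${key}: required`);
    }
    for (const [key, v] of Object.entries(value)) {
      // hasOwn, not plain lookup: keys like "constructor" resolve through the prototype otherwise
      if (!hasOwn(schema.properties, key)) {
        if (schema.additionalProperties === false) errors.push(`${path}.${key}: unexpected key`);
        continue;
      }
      errors.push(...validate(schema.properties[key], v, `${path}.${key}`));
    }
    return errors;
  }
  if (schema.type === "number") {
    if (typeof value !== "number" || !Number.isFinite(value)) return [`${path}: expected finite number`];
    if (schema.minimum !== undefined && value < schema.minimum) errors.push(`${path}: below minimum ${schema.minimum}`);
    if (schema.maximum !== undefined && value > schema.maximum) errors.push(`${path}: above maximum ${schema.maximum}`);
    return errors;
  }
  if (schema.type === "string") {
    if (typeof value !== "string") return [`${path}: expected string`];
    if (schema.maxLength !== undefined && value.length > schema.maxLength) errors.push(`${path}: longer than ${schema.maxLength}`);
    if (schema.pattern && !schema.pattern.test(value)) errors.push(`${path}: does not match expected format`);
    return errors;
  }
  return [`${path}: unsupported schema type`];
}

// Edge handler: either the request body is accepted as-is, or it is rejected with a 400 and the reasons.
function handleVitalsPost(body) {
  const errors = validate(vitalsSchema, body);
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, accepted: body };
}
```

Two design points matter here: `additionalProperties: false` means a client cannot smuggle in a field the server never meant to store (an `isAdmin` flag, a `__proto__` key), and the property lookup uses an own-property check so that key names which collide with `Object.prototype` are treated as unknown rather than matched against inherited functions.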
Secrets stay on the server
Sensitive keys for AI models, storage, and third-party services live only on the server. Where the app needs to reach a private resource (like a stored document), it goes through a server-side proxy that authenticates on your behalf — so private links and credentials never reach the browser.
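The server-side proxy pattern, as an added example that is not AverCare's code: the browser asks for a document by id, the server verifies the session (the per-request identity check from the authentication section), confirms the document belongs to that user, and only then fetches the object with a credential that exists solely on the server. The document table, the storage client, the key and the sample bytes are constructed stand-ins.

```javascript
// Added example: an authenticating document proxy.
// Everything below (records, storage client, credential) is a constructed stand-in.

// Lives in the server environment only; a real deployment reads it from config, never ships it to clients.
const STORAGE_API_KEY = "server-only-placeholder-key";

// Document metadata: which user owns which object in private storage.
const documentsDb = new Map([
  ["doc-1", { ownerId: "user-a", storageKey: "private/user-a/report.pdf", contentType: "application/pdf" }],
  ["doc-2", { ownerId: "user-b", storageKey: "private/user-b/scan.png", contentType: "image/png" }],
]);

// Stand-in for a storage SDK: objects are only readable with the server credential.
const objectStore = {
  objects: new Map([
    ["private/user-a/report.pdf", Buffer.from("%PDF-1.7 constructed sample")],
    ["private/user-b/scan.png", Buffer.from("\x89PNG constructed sample")],
  ]),
  fetch(storageKey, apiKey) {
    if (apiKey !== STORAGE_API_KEY) throw new Error("storage: unauthorized");
    const bytes = this.objects.get(storageKey);
    if (!bytes) throw new Error("storage: missing object");
    return bytes;
  },
};

// session is whatever the sign-in layer attached to the request; only userId is used here.
function proxyDocument(session, documentId) {
  if (!session || !session.userId) return { status: 401 };
  const doc = documentsDb.get(documentId);
  // Same response for "does not exist" and "not yours", so the proxy never confirms
  // that another user's document id is valid.
  if (!doc || doc.ownerId !== session.userId) return { status: 404 };
  const body = objectStore.fetch(doc.storageKey, STORAGE_API_KEY);
  return {
    status: 200,
    headers: { "content-type": doc.contentType, "cache-control": "private, no-store" },
    body, // bytes only: the storage key and credential never appear in the response
  };
}
```

The response carries bytes and a content type, never the storage path or a signed link, and it is marked `private, no-store` so an intermediate cache cannot serve one user's document to another.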
Rate limits and cleanup
Expensive, abusable surfaces — like starting real-time AI video sessions — are rate-limited per user and capped for concurrency, with stale sessions reaped automatically. This protects both your account and the system as a whole.
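The three controls named above (a per-user rate limit, a concurrency cap and automatic reaping of stale sessions) as one added example, written for this page rather than taken from AverCare. The limits, the session shape, the heartbeat mechanism and the injectable clock are constructed assumptions; the `endAllFor` method is the "end active sessions" step that the account-deletion section below describes.

```javascript
// Added example: governor in front of an expensive endpoint such as "start a real-time session".
// Limits, session shape and the clock parameter are constructed for illustration.
class SessionGovernor {
  constructor({ maxStartsPerWindow = 5, windowMs = 60_000, maxConcurrent = 2,
                idleTimeoutMs = 5 * 60_000, now = () => Date.now() } = {}) {
    this.limits = { maxStartsPerWindow, windowMs, maxConcurrent, idleTimeoutMs };
    this.now = now;            // injectable clock so behaviour can be tested deterministically
    this.starts = new Map();   // userId -> timestamps of successful starts inside the window
    this.sessions = new Map(); // sessionId -> { userId, lastSeen }
    this.nextId = 1;
  }

  // Sliding window: forget starts older than windowMs and return the ones that still count.
  _recentStarts(userId) {
    const cutoff = this.now() - this.limits.windowMs;
    const kept = (this.starts.get(userId) || []).filter(t => t > cutoff);
    this.starts.set(userId, kept);
    return kept;
  }

  activeCount(userId) {
    let n = 0;
    for (const s of this.sessions.values()) if (s.userId === userId) n++;
    return n;
  }

  start(userId) {
    this.reap(); // count only live sessions, so a crashed client cannot lock its own user out
    const recent = this._recentStarts(userId);
    if (recent.length >= this.limits.maxStartsPerWindow) return { ok: false, reason: "rate_limited" };
    if (this.activeCount(userId) >= this.limits.maxConcurrent) return { ok: false, reason: "too_many_active" };
    recent.push(this.now());
    const sessionId = `s${this.nextId++}`;
    this.sessions.set(sessionId, { userId, lastSeen: this.now() });
    return { ok: true, sessionId };
  }

  // Clients keep a session alive with heartbeats; a silent session is presumed abandoned.
  heartbeat(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return false;
    s.lastSeen = this.now();
    return true;
  }

  end(sessionId) { return this.sessions.delete(sessionId); }

  // Drop sessions idle for longer than the timeout. Returns how many were removed.
  reap() {
    const cutoff = this.now() - this.limits.idleTimeoutMs;
    let reaped = 0;
    for (const [id, s] of this.sessions) {
      if (s.lastSeen < cutoff) { this.sessions.delete(id); reaped++; }
    }
    return reaped;
  }

  // Ends every session a user owns; this is the first step of an account teardown.
  endAllFor(userId) {
    let ended = 0;
    for (const [id, s] of this.sessions) {
      if (s.userId === userId) { this.sessions.delete(id); ended++; }
    }
    return ended;
  }
}
```

The two limits answer different questions: the sliding window bounds how often a user may start something expensive, while the concurrency cap bounds how much of it they may hold at once. Reaping runs before the concurrency check so that sessions a client abandoned without ending do not count against it forever, and the per-user keys mean one user's limit never affects another's.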
You can leave completely
Account deletion is a true teardown: it ends active AI sessions, removes the avatar personas created for you, and cascades the removal of your data — not just a hidden flag on a row that lingers forever.