Your Health Data, Protected
Leo is built with healthcare-grade security to protect your sensitive health information. Military-grade encryption, continuous monitoring, and complete transparency.
Multi-Layer Encryption
Your data is protected by multiple independent layers of encryption, ensuring security even if one layer is compromised.
Data in Transit
All data transmitted between your device and our servers is encrypted using modern TLS protocols with strong cipher suites validated by independent security researchers.
- TLS 1.2+ encryption with modern cipher suites
- Perfect Forward Secrecy (PFS) ensures past sessions stay secure
- Certificate pinning prevents man-in-the-middle attacks
- No legacy protocol fallback—only modern, secure connections
Per-User Encryption at Rest
Every user gets their own unique 256-bit Data Encryption Key (DEK). Your health data is encrypted with your personal key before it reaches the database.
- AES-256-GCM authenticated encryption with per-user keys
- Data Encryption Keys wrapped by Google Cloud KMS hardware security modules
- Automatic key rotation with seamless re-encryption
- Admin console shows encrypted ciphertext, never plaintext PHI
Field-Level PHI Encryption
Every sensitive health field—medication names, clinical notes, journal entries—is individually encrypted. Non-sensitive metadata stays queryable while PHI stays unreadable.
- 17+ collection types with per-field encryption mapping
- Encrypted fields: medication names, notes, vitals, conversations, clinical data
- Queryable metadata (dates, types, IDs) remains plaintext for functionality
- Transparent encrypt-on-write, decrypt-on-read with zero UI impact
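As an added illustration of the encrypt-on-write, decrypt-on-read scheme described above (example code written for this page, not Leo's implementation), the following Go program encrypts the PHI fields of one record with a per-user AES-256-GCM DEK while leaving metadata as plaintext. The collection mapping, the field and record names, and the choice to bind record id and field name as associated data are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Constructed per-field mapping: true marks PHI to encrypt; other fields stay plaintext.
var phiFields = map[string]map[string]bool{"medications": {"name": true, "notes": true}}
func gcmFor(dek []byte) cipher.AEAD {
	block, err := aes.NewCipher(dek) // a 32-byte DEK selects AES-256
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}
// sealField encrypts one PHI value under the user's DEK. Record id and field name are
// bound as AAD, so a ciphertext moved to another record or field fails to authenticate.
func sealField(dek []byte, recordID, field, value string) []byte {
	gcm := gcmFor(dek)
	nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per value
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, []byte(value), []byte(recordID+"/"+field)) // nonce || ciphertext || tag
}
// openField is the decrypt-on-read step; tampering or the wrong record/field context fails.
func openField(dek []byte, recordID, field string, ct []byte) (string, error) {
	gcm := gcmFor(dek)
	if n := gcm.NonceSize(); len(ct) >= n+gcm.Overhead() {
		pt, err := gcm.Open(nil, ct[:n], ct[n:], []byte(recordID+"/"+field))
		return string(pt), err
	}
	return "", errors.New("ciphertext too short")
}

// encryptRecord is the encrypt-on-write step for one record of a collection.
func encryptRecord(dek []byte, collection, recordID string, rec map[string]string) map[string][]byte {
	out := make(map[string][]byte, len(rec))
	for k, v := range rec {
		out[k] = []byte(v) // metadata such as dates and ids stays queryable plaintext
		if phiFields[collection][k] {
			out[k] = sealField(dek, recordID, k, v) // PHI is stored only as ciphertext
		}
	}
	return out
}
```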
Cryptographic Key Exchange
When you share access with a parent, caregiver, or provider, we use public-key cryptography to securely share your encryption key.
- P-256 elliptic curve key pairs generated on each user’s device
- ECDH + HKDF key agreement protocol for secure DEK exchange
- Grants automatically created when links are activated
- Instant revocation: revoking a link immediately removes decryption access
Comprehensive Security Controls
Beyond encryption, we implement defense-in-depth with multiple security controls working together to protect your data.
Multi-Factor Authentication
Protect your account with Face ID, Touch ID, or a secure PIN. Multiple authentication factors ensure only you can access your health data.
Privacy by Design
We collect only the data necessary for your care. Data minimization, purpose limitation, and user consent are built into every feature.
Tamper-Evident Audit Trail
Every access to your health data is logged with cryptographically linked records that cannot be altered or deleted. Maintained for 7+ years.
Automatic Security Updates
Our systems are continuously monitored and patched. Security updates are deployed automatically without service interruption.
Rate Limiting & Abuse Prevention
Intelligent request throttling protects against brute force attacks. Suspicious patterns trigger automatic protective measures.
Role-Based Access Control
Healthcare providers only see what they need. Granular permissions ensure your data is shared appropriately based on your explicit consent.
Security Compliance
We implement the most rigorous healthcare and government security standards to protect your health data.
HIPAA
BAA with Google Cloud in progress
GDPR
EU data protection compliance planned
21 CFR Part 11
FDA electronic records validation planned
NIST 800-53
Security controls assessment planned
SOC 2 Type II
Third-party audit planned
HITRUST CSF
Assessment planned
ISO 27001
Certification planned
FedRAMP
Authorization planned
Need our HIPAA documentation or security policies?
Request under NDA
Secure Infrastructure
Built on Google Cloud's world-class infrastructure with additional security measures designed specifically for healthcare.
100% Data Isolation
Clinical trial organizations receive completely separate infrastructure. Your data never mingles with other organizations.
Regional Data Residency
Choose where your data is stored. We offer data centers in the US, EU, UK, Canada, Australia, and Asia Pacific.
Redundant Backups
Your data is backed up across multiple geographic regions with point-in-time recovery. Backups are encrypted with separate keys.
24/7 Security Operations
Our security team monitors for threats around the clock. We maintain incident response capabilities with defined SLAs.
Secure on Every Device
The Leo iOS app is designed with security at its core, leveraging Apple's hardware security features to keep your health data safe.
Biometric Protection
Face ID or Touch ID required to access your health data. Failed attempts trigger automatic lockout with optional secure wipe.
Per-User Encryption Keys
Your device generates a unique P-256 key pair on first launch. Your personal DEK is cached in the iOS Keychain and synced via Cloud KMS.
On-Device Encryption
PHI is encrypted on-device with your personal DEK before syncing. Even if intercepted, the data cannot be read without your unique key.
Cryptographic Key Exchange
Sharing access with family or providers uses ECDH key agreement—your DEK is encrypted with their public key so only their device can decrypt.
Secure Data Wipe
Lost your device? One tap securely erases all health data including cached keys, credentials, and local databases.
Incident Response
In the unlikely event of a security incident, our dedicated team follows a rigorous response plan to protect your data and maintain transparency.
How We Protect Your Data
Our security architecture is designed so that even if an attacker gained access to our servers, your personal health information would remain unreadable and protected.
Zero-Knowledge Architecture
Your health data is encrypted with your own unique key before it reaches our database. Even if someone gained access to our servers, they would see encrypted ciphertext—not your medication names, clinical notes, or conversations.
Our engineers, database administrators, and support staff cannot read your health data. Period. Only your authenticated device (and accounts you explicitly authorize) can decrypt it.
Per-User Key Isolation
Every user receives their own 256-bit Data Encryption Key (DEK), which is itself encrypted by Google Cloud KMS hardware security modules. Your key is never stored in plaintext on our servers—it’s always wrapped.
When you share access with a parent, caregiver, or provider, we use P-256 elliptic curve key exchange to securely deliver your DEK to their device—without our servers ever seeing the unwrapped key.
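The ECDH + HKDF grant described in the Cryptographic Key Exchange list above and in this paragraph, as an added Go example that is not Leo's code: the owner's device wraps its DEK for the caregiver's device public key, and only the matching private key can unwrap it. The HKDF salt label, the info layout, the grant format (nonce || ciphertext || tag) and the function names are assumptions of the example; a deployment would additionally need to verify that the public keys it receives belong to the intended devices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// grantKey runs ECDH between one party's device private key and the other's public key,
// then HKDF-SHA256 (RFC 5869, one expand block, written out so only the standard library
// is needed) to derive the AES-256-GCM key that wraps the DEK. Both public keys enter the
// info in a fixed order, so each side derives the same key, bound to exactly this pair.
func grantKey(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey, senderPub, recipientPub []byte) cipher.AEAD {
	secret, err := mine.ECDH(theirs)
	if err != nil {
		panic(err) // only a curve mismatch, which is a programming error
	}
	ext := hmac.New(sha256.New, []byte("dek-grant-v1")) // HKDF-Extract; salt is a constructed label
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, first block (counter 0x01)
	exp.Write(append(append(senderPub, recipientPub...), 1))
	block, _ := aes.NewCipher(exp.Sum(nil)) // 32-byte key, so neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// wrapDEK is the owner's side of a share grant: the DEK is sealed under the derived key,
// and the result (nonce || ciphertext || tag) is what a server would store and relay.
func wrapDEK(sender *ecdh.PrivateKey, recipient *ecdh.PublicKey, dek []byte) ([]byte, error) {
	gcm := grantKey(sender, recipient, sender.PublicKey().Bytes(), recipient.Bytes())
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dek, nil), nil
}

// unwrapDEK is the recipient's side: only the device holding the matching private key
// reaches the same secret, so anyone relaying the grant sees only ciphertext.
func unwrapDEK(recipient *ecdh.PrivateKey, sender *ecdh.PublicKey, grant []byte) ([]byte, error) {
	gcm := grantKey(recipient, sender, sender.Bytes(), recipient.PublicKey().Bytes())
	n := gcm.NonceSize()
	if len(grant) < n+gcm.Overhead() {
		return nil, errors.New("grant too short")
	}
	return gcm.Open(nil, grant[:n], grant[n:], nil)
}
```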
Immutable Audit Logs
Every access to your health data creates a permanent, tamper-evident record. These records are cryptographically linked in a chain—any attempt to modify or delete a log entry would break the chain and be immediately detected.
Audit logs capture who accessed what, when, and from where. This provides complete accountability and helps detect unauthorized access attempts.
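An added Go example (not Leo's implementation) of the chained audit records described above: each entry's hash covers its own fields plus the previous entry's hash, verification walks the chain, and at the end the head is compared with a trusted checkpoint kept outside the log store, because a chain on its own cannot reveal that its newest entries were dropped. The field names, the genesis value and the checkpoint convention are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEntry is one access record: who, what, when, from where. PrevHash links it to
// the entry before it and Hash covers every field including that link.
type AuditEntry struct {
	Seq                                   int
	Actor, Action, Resource, When, Source string
	PrevHash, Hash                        string
}
// genesis is the constructed PrevHash of the first entry: the hash of nothing.
var genesis = hex.EncodeToString(sha256.New().Sum(nil))
// hashEntry recomputes an entry's hash from its content. A unit separator between
// fields means text moved from one field to another still changes the hash.
func hashEntry(e AuditEntry) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d\x1f%s\x1f%s\x1f%s\x1f%s\x1f%s\x1f%s", e.Seq, e.Actor, e.Action, e.Resource, e.When, e.Source, e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}
// appendEntry chains a new access record onto the log.
func appendEntry(log []AuditEntry, actor, action, resource, when, source string) []AuditEntry {
	prev := genesis
	if n := len(log); n > 0 {
		prev = log[n-1].Hash
	}
	e := AuditEntry{Seq: len(log), Actor: actor, Action: action, Resource: resource, When: when, Source: source, PrevHash: prev}
	e.Hash = hashEntry(e)
	return append(log, e)
}

// verifyChain returns -1 when every hash and link checks out and the final hash equals
// trustedHead, a checkpoint assumed to be kept outside the log store (without it, dropped
// newest entries go unnoticed). Otherwise it returns the index of the first bad entry,
// or len(log) when only the head differs.
func verifyChain(log []AuditEntry, trustedHead string) int {
	prev := genesis
	for i, e := range log {
		if e.Seq != i || e.PrevHash != prev || hashEntry(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	if prev != trustedHead {
		return len(log)
	}
	return -1
}
```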
Industry Standards
We use well-established, NIST-approved cryptographic algorithms that have been publicly analyzed by security researchers worldwide. We don’t rely on obscurity—our security comes from strong cryptography, not secrecy.
Our implementation follows industry best practices documented in HIPAA Security Rule, NIST 800-53, and OWASP guidelines. Regular third-party audits verify our compliance.
Have Security Questions?
Our security team is happy to discuss our practices, provide documentation, or address specific compliance requirements for your organization.