Data Security and Privacy at Breathy 🛡️
Your Trust is Our Foundation.
How We Protect Your Data 🔒
At Breathy, we understand the sensitive nature of health information. Protecting your data is not just a feature; it's fundamental to our operation. We employ multi-layered security measures:
- Encryption: All data transmitted between your device, our servers, and Supabase is encrypted in transit using industry-standard TLS (as used by HTTPS). Think of it like sending a sealed, unreadable letter instead of a postcard. Sensitive data stored in our database (at rest) also uses strong encryption provided by Supabase/PostgreSQL.
- Secure Infrastructure: We leverage Supabase's secure, compliant infrastructure, which benefits from regular security audits and best practices. Our applications run on reputable cloud platforms with built-in security features.
- Access Controls: We use strict Role-Based Access Control (RBAC) and Supabase's Row Level Security (RLS). This means your data is only visible to you and authorized personnel (like the doctor you have an appointment with, only for relevant information). It's like having specific keys that only open specific doors.
- Authentication: Secure login is handled via Supabase Auth, using One-Time Passwords (OTPs) sent to your phone and secure session management to prevent unauthorized account access.
- Regular Audits & Updates: We regularly review our code for security vulnerabilities and keep our software components (dependencies) updated to protect against known threats.
Your Data, Your Control ✅
- Ownership: You own your health data. Breathy provides the platform to manage it securely.
- Transparency: Our Privacy Policy details exactly what data we collect, how we use it, and your rights regarding that data.
- Anonymization (Where Applicable): For analytics or improving our services (like understanding popular search terms), any data used is anonymized and aggregated. This means your personal identity is completely removed, ensuring privacy.
- Secure Sharing: Future features for sharing records will require your explicit consent and use secure methods.
We are committed to maintaining the highest standards of data security and privacy. If you have any questions or concerns, please don't hesitate to contact us.

