Security & Data

Your Members' Data, Protected by Design

Built for organisations working with vulnerable people. Privacy isn't a feature — it's the foundation.

Where Your Data Lives

  • All data stored in the UK (London, eu-west-2 region) on Supabase infrastructure
  • PostgreSQL database with row-level security on every table
  • No data leaves the UK. No international transfers
  • Data controller: Yak Development Ltd, registered in England & Wales (Company No. 17039217)

Encryption & Access Control

  • End-to-end encryption in transit (TLS 1.3)
  • AES-256 encryption at rest for all stored data
  • Private storage buckets with signed URLs (1-hour expiry) for sensitive files
  • On-device encryption using Secure Enclave hardware on iPhone
  • Biometric app lock (Face ID / Touch ID) for individual users
  • Multi-factor authentication (TOTP) supported

The Health Data Firewall

Community organisers CANNOT access members' health profile data. Ever.

  • Health data (conditions, medications, vitals, symptoms) is exclusively available within the family care circle
  • The Angel Bridge feature shares attendance context only — never health information
  • Row-level security policies enforce this at the database level, not just the UI level

GDPR Compliance

  • Fully compliant with UK GDPR and Data Protection Act 2018
  • Lawful basis for processing: legitimate interests (care coordination) and explicit consent
  • Data Subject Access Requests (DSARs) honoured within 30 days
  • Right to erasure: members can delete their account and all associated data at any time
  • Data Processing Agreement (DPA) available on request for Organisation plan customers
  • Privacy Policy and plain-language "How We Use Your Data" page linked below

AI Data Handling

  • AI processing uses Azure AI Foundry in UK South region
  • Zero data retention — prompts and responses are not stored by the AI provider
  • HealthKit vitals stay on-device; only aggregated summaries are used for AI care briefs
  • No AI model is trained on user data

Audit & Accountability

  • Enterprise audit logs track every action (actor, action, resource, timestamp)
  • Organisers can review activity within their managed spaces
  • Annual security review commitment

Have specific security questions?

Email security@alwaysthereforyou.app
Privacy Policy|Your Data