Conceptual Healthcare
CH · Security

Modeled honestly. Reviewed openly.

What we defend against. How we defend it. And what we tell you when something fails.

Threat model

What we defend against.

Insider threat
Database admins see ciphertext. PHI keys never live on our servers. The audit log records every query.
Server compromise
Attacker gets ciphertext. Keys live on patient devices. Chain logs every access attempt — including failed ones.
Government request
Records produced only via patient-issued grant tokens. Subpoenas land in the patient's inbox, not ours, by design.
Supply chain
Pinned dependencies. Reviewed updates. Vendored builds for critical services.

Infrastructure

How we run.

Network
Private VPCs per tier. mTLS between services. East-west traffic encrypted. Border WAF + rate limiting.
Hosting
AWS us-east-1 + us-west-2 for HIPAA-eligible services with signed BAAs. Cloudflare front for static brand sites.
Identity
MFA for staff. Hardware-key 2FA for clinical operators. Per-tenant KMS for envelope encryption.
Monitoring
Sentry for errors. Datadog for ops. CloudTrail for AWS. App-level audit log to append-only S3 with Object Lock.

Response

When something fails. Plainly.

Disclosure window
30-day public disclosure for fixed vulns. 90-day max for unfixed (per CISA norms). Affected patients notified inside the regulatory window.
Bug bounty
Responsible disclosure rewarded. Critical PHI-class vulns: $5k–$25k. Sev-1 RCE: $25k–$100k.
Postmortem
Public postmortem within 14 days for any incident affecting ≥1k records or any service downtime ≥1 hour.