Apple-Level Privacy for Your Health Data

Your health information belongs to you alone. We use the same encryption that protects Apple Pay and Face ID to keep your records private—even from us.

7 Layers of Protection

Available Health doesn't rely on any single security measure. We implement defense in depth with multiple independent layers.

1

Biometric Authentication

Face ID, Touch ID, or Optic ID required to open the app

2

Secure Enclave

Hardware-isolated key storage on Apple's security chip

3

Field-Level Encryption

Every piece of sensitive data encrypted with AES-256-GCM

4

Apple File Protection

Database files completely inaccessible when your device is locked

5

PII Redaction

Personal identifiers stripped before any cloud communication

6

Encrypted Transit

All network communication over HTTPS with TLS 1.3

7

Zero Data Retention (Pro)

HIPAA-compliant processing with no server-side data storage

Pro

Hardware-Level Security with Apple's Secure Enclave

On supported devices, your encryption keys are stored in the Secure Enclave, a dedicated security chip physically isolated from the rest of your device. This is the same technology Apple uses to protect Face ID data and Apple Pay credentials.

  • Your encryption keys are protected at the hardware level
  • Even with physical access to your device, keys cannot be extracted
  • Apple's security architecture protects your keys on Mac, iPad, and iPhone

Military-Grade Encryption (AES-256-GCM)

Every piece of your health information is encrypted with 256-bit AES-GCM encryption before it's ever stored. This is the same encryption standard used by governments and financial institutions worldwide.

We encrypt:

Personal identity informationContact detailsInsurance informationMedical conditionsMedicationsLab resultsVital signsVisit notesAI conversations

Your data is encrypted before it's stored, not just at the storage level. Even with direct database access, your information remains unreadable without your biometric authentication.

Your Face (or Fingerprint) Is the Key

On devices with biometric support, Available Health uses Face ID or Touch ID to unlock your health data. There's no password to remember, lose, or have stolen in a data breach.

  • Your biometric data never leaves your device
  • Device passcode serves as a secure fallback
  • Encryption keys are cleared from memory when the app is locked

Zero-Knowledge Cloud Sync

Want your health records on your iPad and Mac? Available Health syncs seamlessly across your devices while maintaining complete privacy.

1

Encrypted on Device

Your data is encrypted on your device before it ever leaves

2

Secure Transit

Only encrypted data travels to iCloud (Apple sees ciphertext only)

3

Keys via Keychain

Encryption keys sync separately via iCloud Keychain's end-to-end encryption

4

Local Decryption

Your other devices decrypt locally after Face ID or Touch ID authentication

The result: Apple cannot read your health data. We cannot read your health data. Only you can.

Free vs. Pro: What's Protected

Every Available Health user gets strong privacy protection. Pro subscribers get additional guarantees.

Free Plan

De-Identification

Your personal identifiers are automatically stripped before any cloud processing. While we de-identify your information, we cannot guarantee zero data retention or HIPAA compliance on the free tier.

  • Full local encryption
  • Biometric authentication
  • PII redaction for AI
  • Secure Enclave protection
Pro Plan

Zero Data Retention + HIPAA Compliance

Document imports and AI chat use HIPAA-compliant infrastructure with a zero data retention policy. Your data is processed and immediately discarded. Nothing is stored on our servers.

  • Everything in Free, plus:
  • HIPAA-compliant AI processing
  • Zero data retention policy
  • BAA-covered infrastructure

Automatic Privacy Protection

When you ask questions about your health, we automatically protect your identity before anything leaves your device.

What You TypeWhat Gets Sent
"John Smith""Male age 67"
Your birth date"age 67"
Your phone number[Phone]
Your address[Address]
Your insurance ID[Insurance ID]

This happens automatically, every time, with no action required from you. Your questions get answered. Your identity stays private.

Built for Healthcare Compliance

Our architecture is designed with healthcare regulations in mind.

Encryption at rest for all stored health data
Encryption in transit for all network communication
Biometric access controls preventing unauthorized access
Audit-ready practices with comprehensive security documentation
No HTTP caching of sensitive requests
Token-based authentication (no passwords stored)

Why This Matters

Your health records contain some of the most sensitive information about you: your diagnoses, your medications, your genetic risks, your mental health history. This information deserves protection that matches its sensitivity.

Cloud-based AI chat services have their place, but some information is too personal to leave your device. For users who want the benefits of AI without centralized data storage, a different approach is needed.

That's why we built Available Health as a local-first application. Your health data lives on your device, encrypted with keys only you control. When we do need to process something in the cloud, we strip your identity first and offer zero data retention on Pro plans.

Your health data is yours. We built Available Health to keep it that way.

Questions about our security practices?

Read Privacy PolicyContact Us