ZoePaths

Security

How we protect your mental health data

Last updated: 9/15/2025

Our Security Approach

At ZoePaths, we take the security of your mental health data seriously. We believe in transparency about our current security measures and are committed to continuously improving our security practices.

Current Security Measures

🔐 Authentication & Access Control

  • Authentication Framework: Industry-standard authentication systems
  • Session Management: Secure session handling with automatic expiration
  • User Isolation: Each user can only access their own data
  • Password Protection: Secure password storage and validation

🌐 Web Security

  • HTTPS Encryption: All data transmission is encrypted in transit
  • Secure Headers: Modern web security headers implementation
  • CSRF Protection: Cross-site request forgery prevention
  • Input Validation: Server-side validation of all user inputs

🗄️ Database Security

  • Database Security: Standard database access controls
  • User Isolation: Database queries are scoped to individual users
  • Connection Security: Secure database connections
  • Backup Procedures: Regular data backup processes

⚠️ Important Security Notice

Current Limitations: While we implement standard web security practices, we want to be completely transparent about our current security implementation:

  • We do not currently use advanced encryption for data at rest
  • Your journal entries are stored using standard database security measures
  • We do not implement multi-factor authentication (MFA)
  • We do not use end-to-end encryption

Why This Matters: Your journal entries may contain sensitive mental health information. While we protect against common web vulnerabilities, advanced encryption would provide additional protection for your data.

Data Protection Practices

How We Protect Your Data

  • All data is transmitted over encrypted HTTPS connections
  • Database access is restricted to authorized personnel only
  • Regular security assessments and updates
  • Prompt response to any security incidents
  • Regular security updates and patches

What We Don't Do

  • We never read your personal journal entries
  • We don't share your data with third parties
  • We don't use your content for advertising
  • We don't sell your personal information

Security Monitoring

Ongoing Security Measures

  • Ongoing system monitoring for suspicious activity
  • Regular security log analysis
  • Threat detection and prevention measures
  • Regular security assessments and updates
  • Security awareness and best practices

Incident Response

  • Prompt response to security incidents
  • User notification of any security breaches
  • Regular security incident reporting
  • Continuous improvement of security practices

🔮 Future Security Enhancements

We are actively working to improve our security posture. Planned improvements include:

  • Enhanced Encryption: Implementing AES-256 encryption for data at rest
  • Multi-Factor Authentication: Adding MFA support for additional account security
  • Advanced Access Controls: Implementing role-based access control (RBAC)
  • Security Auditing: Enhanced logging and audit trails
  • Compliance Frameworks: Working toward SOC 2 and other security certifications

Timeline: These improvements will be implemented gradually over the next 6-12 months, with priority given to the most critical security enhancements.

Your Security Responsibilities

Account Security

  • Use a strong, unique password for your account
  • Never share your login credentials with others
  • Log out when using shared devices
  • Report any suspicious activity immediately

Data Protection

  • Be mindful of what you write in your journal entries
  • Consider the sensitivity of your mental health data
  • Regularly review and update your privacy settings
  • Export your data regularly as a backup

Security Best Practices

General Security Tips

  • Keep your devices and browsers updated
  • Use antivirus software on your devices
  • Be cautious of phishing attempts
  • Use a password manager for secure password storage
  • Enable two-factor authentication where available

Mental Health Data Considerations

  • Consider the sensitivity of your mental health information
  • Be aware that digital data can potentially be accessed by others
  • Consider using pseudonyms or avoiding identifying details
  • Regularly review and delete old entries if desired

Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of your data, please report it to us immediately:

🚨 Security Email: security@zoepaths.com

📧 General Support: support@zoepaths.com

🌐 Website: zoepaths.com

We take all security reports seriously and will respond promptly. If you believe your account has been compromised, please contact us immediately.

Security Updates

We regularly update our security practices and will notify users of any significant security changes. You can stay informed about security updates by checking this page regularly or contacting our security team.