← Back to home
Security
What we do today to protect accounts and training data.
This page summarizes the current security posture. For questions, contact info@medrelayapp.com.
Pillar
Access Control
Supabase Auth with Row Level Security policies designed for tenant isolation and role-based access.
Pillar
Service Key Handling
Service-role credentials are used only from server routes and are never exposed to browser code.
Pillar
AI Guardrails
Paid AI routes use rate limiting, bounded request sizes, input sanitization, and prompt delimiters.
What we do and do not do
We do
- Use HTTPS/TLS in transit for web traffic.
- Use Supabase Auth and Row Level Security at the database level.
- Keep the Supabase service-role key on server routes only.
- Rate limit AI API routes and wrap user input in prompt delimiters.
We do not
- Store patient PHI; scenarios use simulated patients only.
- Provide clinical decision support for real patient care.
- Integrate with live ePCR systems.
- Claim external security certification at this stage.
Incident contact: info@medrelayapp.com
MedRelay is an educational simulation tool. It is not a clinical decision support tool and must not be used in real-world patient care.