← Back to home

Security

What we do today to protect accounts and training data.

This page summarizes the current security posture. For questions, contact info@medrelayapp.com.

Pillar

Access Control

Supabase Auth with Row Level Security policies designed for tenant isolation and role-based access.

Pillar

Service Key Handling

Service-role credentials are used only from server routes and are never exposed to browser code.

Pillar

AI Guardrails

Paid AI routes use rate limiting, bounded request sizes, input sanitization, and prompt delimiters.

What we do and do not do

We do
  • Use HTTPS/TLS in transit for web traffic.
  • Use Supabase Auth and Row Level Security at the database level.
  • Keep the Supabase service-role key on server routes only.
  • Rate limit AI API routes and wrap user input in prompt delimiters.
We do not
  • Store patient PHI; scenarios use simulated patients only.
  • Provide clinical decision support for real patient care.
  • Integrate with live ePCR systems.
  • Claim external security certification at this stage.

Incident contact: info@medrelayapp.com

MedRelay is an educational simulation tool. It is not a clinical decision support tool and must not be used in real-world patient care.