
Data Security

How ClapDiet protects your personal and health data

4 min read. Updated Jan 15, 2026


Your health data is sensitive. Here's how ClapDiet keeps it safe.

Our Security Promise

We treat your health data with the same care as medical records:

  • Bank-level encryption
  • HIPAA-compliant infrastructure
  • Regular security audits
  • Strict access controls

Encryption

    In Transit

    All data traveling between your device and our servers:

  • Encrypted with TLS 1.3
  • The same standard used by banks
  • Cannot be read by anyone who intercepts it

    At Rest

    All data stored on our servers:

  • Encrypted with AES-256
  • Encryption keys secured separately
  • Even we can't read raw database files

    On Your Device

    Local data on your phone:

  • Encrypted by your device OS
  • Protected by your device password/biometrics
  • Not accessible without unlocking

Infrastructure Security

    Where We Host

  • AWS (Amazon Web Services)
  • SOC 2 Type II certified data centers
  • Physical security controls
  • Redundant backups

    Network Security

  • Web Application Firewall (WAF)
  • DDoS protection
  • Intrusion detection
  • Regular vulnerability scanning

    Access Controls

  • Employees have minimal access
  • No access to your health data without your consent
  • Audit logs for all access
  • Regular access reviews

Application Security

    Authentication

  • Secure password hashing (bcrypt)
  • Multi-factor authentication (optional)
  • Brute force protection
  • Secure session management

    Authorization

  • Role-based access control
  • You control who sees your data
  • No unauthorized sharing

    Secure Development

  • Security code reviews
  • Dependency vulnerability scanning
  • Penetration testing
  • Bug bounty program

Third-Party Security

    AI Providers

    When we use AI (like Gemini or OpenAI):

  • Data is anonymized before processing
  • No personal identifiers sent
  • AI providers don't store your data
  • Contractual privacy protections

    Payment Processing

    Handled by Stripe:

  • We never see full card numbers
  • PCI DSS Level 1 compliant
  • Industry-leading security

What We DON'T Do

    ❌ Sell your data

    ❌ Share with advertisers

    ❌ Allow unauthorized access

    ❌ Store unnecessary data

    ❌ Use data for purposes you didn't consent to

Your Role

    Help keep your data secure:

  • Use a strong password
  • Enable two-factor authentication
  • Don't share your login
  • Log out on shared devices
  • Keep your device secure

Reporting Security Issues

    If you discover a security vulnerability:

  • Email: security@clapdiet.com
  • We take all reports seriously
  • Responsible disclosure appreciated
