Privacy you can trust
Team-isolated data, role-based permissions, and HIPAA-compatible infrastructure. No cross-team leakage, no overpromises.
Security principles
Team isolation
Each team's data is stored separately. Firestore security rules enforce strict boundaries—there is no code path that allows one team to access another team's data.
Role-based permissions
Admins can invite and manage members. Members can create and edit entries. No one outside the team can see anything.
Verified membership
Invitations are matched to verified email addresses. You can only join a team if you control the email address that was invited.
No PHI in URLs
Entry IDs in URLs are opaque identifiers. Child names, phrases, and clinical data never appear in browser history or server logs.
HIPAA-compatible infrastructure
We describe Gestallt's security posture as "HIPAA-compatible infrastructure" rather than "HIPAA compliant" or "HIPAA certified." Here's why this language matters:
For healthcare organizations: If your organization requires a Business Associate Agreement (BAA), please contact us. We can discuss your specific requirements and our infrastructure's capabilities.
Technical implementation
| Layer | Implementation |
|---|---|
| Authentication | Firebase Authentication (email/password) |
| Authorization | Custom JWT claims for team membership and roles |
| Data storage | Firebase Firestore with security rules |
| Access control | Firestore rules enforce team isolation at query level |
| Server logic | Firebase Cloud Functions (Node.js) |
| Edge deployment | Cloudflare Workers |
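As an added illustration, not Gestallt's own rules (the page does not publish them), here is how the team-isolation and role model described above could be expressed in Firestore security rules, with team membership and role read from custom JWT claims. The claim names `teamId` and `role`, the `admin`/`member` role values, and the `/teams/{teamId}/members` and `/teams/{teamId}/entries` collection layout are assumptions.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Custom claims (assumed names) are set server-side and arrive in the ID token.
    function signedIn()      { return request.auth != null; }
    function inTeam(teamId)  { return signedIn() && request.auth.token.teamId == teamId; }
    function isAdmin(teamId) { return inTeam(teamId) && request.auth.token.role == 'admin'; }

    // Everything a team owns lives under its own path, so a client query for
    // /teams/<other-team>/entries is rejected outright rather than filtered.
    match /teams/{teamId} {
      allow read: if inTeam(teamId);
      allow write: if false;                  // team records are managed by server code only

      match /members/{memberId} {
        allow read: if inTeam(teamId);        // members can see who is on their team
        allow create, update, delete: if isAdmin(teamId);   // only admins manage membership
      }

      match /entries/{entryId} {
        allow read: if inTeam(teamId);
        // Members create entries; the stored teamId must match the path so a
        // document can never be written into another team's namespace.
        allow create: if inTeam(teamId)
                      && request.resource.data.teamId == teamId;
        // Members edit entries, but the team ownership field is immutable.
        allow update: if inTeam(teamId)
                      && request.resource.data.teamId == resource.data.teamId;
        allow delete: if isAdmin(teamId);
      }
    }
    // No match for /{path=**}/entries, so collection-group queries across
    // all teams' entries are denied by default.
  }
}
```

Because rules are evaluated against the requested path rather than applied as a filter, a query against another team's subcollection fails with a permission error instead of returning an empty result. When auditing a setup like this, check that the custom claims are only ever written by trusted server code, since every rule above trusts what the token says.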
What we don't do
Your entries are yours. We don't sell, share, or analyze them for advertising.
There is no admin mode that lets us view your team's data without your permission.
Data is encrypted at rest by Firebase/Google Cloud infrastructure.
We're honest about what our infrastructure provides vs. what requires organizational policy.
Questions about security?
Read the full documentation or contact us with specific requirements.