Security & Compliance
How PsychoSpace protects your data and ensures regulatory compliance
End-to-End Encryption
All journal entries and session notes are encrypted with XSalsa20-Poly1305 on your device before transmission. Only you and the therapists you explicitly share with can decrypt your content. PsychoSpace itself cannot access your encrypted data; this is the basis of the zero-trust architecture described below.
LLM Prompt Injection Guard
When therapists use our AI clinical note assistant, all content passes through a prompt injection detection system. This guard analyzes input for malicious patterns — hidden instructions, prompt leakage attempts, role manipulation, and token smuggling — blocking them before they reach the AI model. This ensures the integrity of AI-assisted clinical documentation.
AI Input Sanitization
Before any content reaches the AI system, it undergoes multi-stage sanitization: (1) PII redaction — names, dates, and contact information are removed; (2) Control character stripping — formatting that could confuse the AI is cleaned; (3) Content boundary enforcement — only relevant therapeutic content is passed to the AI; (4) Output validation — AI responses are verified before being shown to the therapist. No patient data is ever used to train AI models.
Multi-Factor Authentication
Therapists accessing patient data are required to use multi-factor authentication (MFA). This adds a hardware-backed security layer beyond passwords, ensuring patient data remains protected even if credentials are compromised. MFA is enforced at the database level through Row-Level Security policies.
GDPR Compliance
Full compliance with the EU General Data Protection Regulation: data portability (Art. 20) — export all your data in machine-readable JSON; right to be forgotten (Art. 17) — account deletion with a 30-day grace period; data retention policies — configurable automated cleanup; transparent processing — detailed privacy policy with legal bases; DPO contact — iod@psychospace.io.
Zero-Trust Architecture
We never trust, always verify. Every request is authenticated and authorized independently. Encryption keys are stored only on user devices, never on our servers in unencrypted form. Database access uses Row-Level Security (RLS) policies. API functions verify JWT tokens on every call. Even our own administrators cannot access encrypted patient content.
Data Retention & Cleanup
Automated retention policies: profile data deleted 30 days after account deletion request; journals retained 10 years post-therapy; clinical notes retained 10 years (medical documentation requirement); financial records retained 5 years (tax law); inactive accounts auto-deleted after 2 years; backups retained 90 days. All cleanup is automated via scheduled cron jobs.
Security Monitoring
Continuous security monitoring includes: automated vulnerability scanning, dependency security audits, Row-Level Security enforcement at database level, function search_path hardening against privilege escalation, restrictive RLS policies for clinical data, and regular security reviews. All security-critical database functions follow security best practices with SECURITY DEFINER isolation.
Technical Security Measures
Encryption Standards
We use XSalsa20-Poly1305 for end-to-end encryption of journal entries and clinical notes, Ed25519 for identity key pairs, and X25519 for key agreement. All data in transit is encrypted via TLS 1.3. Data at rest is encrypted by our infrastructure provider using AES-256.
AI Security Pipeline
Our AI clinical note assistant operates through a secure pipeline: (1) Content enters the pipeline from the therapist's encrypted session; (2) promptGuard detects and blocks injection attempts using pattern matching against known attack vectors; (3) sanitizeForAI removes PII and control characters; (4) The sanitized content is sent to the LLM API with a zero-retention agreement; (5) The response is validated before being returned. At no point does patient-identifiable data leave our infrastructure.
Database Security
All database access is governed by Row-Level Security (RLS) policies in PostgreSQL. Each user role (patient, therapist, admin) has precisely scoped access permissions. Clinical data tables require multi-factor authentication (AAL2) for therapist access. Security-definer functions use explicit search_path setting to prevent privilege escalation. Database backups are encrypted and retained for 90 days.
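The controls in this section, shown as an added PostgreSQL example rather than PsychoSpace's own schema: a clinical-notes table under RLS, a restrictive policy that denies therapist access unless the session's JWT carries an AAL2 claim, and a SECURITY DEFINER helper with a pinned search_path. It assumes the API layer exposes the caller's JWT claims in the transaction setting request.jwt.claims (the PostgREST convention) with "sub", "role" and "aal" claims; the table, column and claim names are assumptions.

```sql
-- Added example (not PsychoSpace's schema). Assumes the API layer sets
-- request.jwt.claims per transaction; claim names "sub", "role", "aal" are assumed.
CREATE TABLE clinical_notes (
  id           bigserial PRIMARY KEY,
  patient_id   uuid NOT NULL,
  therapist_id uuid NOT NULL,
  ciphertext   bytea NOT NULL,   -- XSalsa20-Poly1305 ciphertext only, never plaintext
  created_at   timestamptz NOT NULL DEFAULT now()
);

-- Reads one claim from the request JWT. SECURITY DEFINER with an explicit empty
-- search_path, so a caller cannot shadow a referenced object (e.g. current_setting)
-- with one in a schema they control; pg_catalog is qualified for the same reason.
CREATE OR REPLACE FUNCTION jwt_claim(claim text) RETURNS text
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = ''
AS $$
  SELECT pg_catalog.current_setting('request.jwt.claims', true)::jsonb ->> claim;
$$;

-- Enable RLS and make it apply even to the table owner.
ALTER TABLE clinical_notes ENABLE ROW LEVEL SECURITY;
ALTER TABLE clinical_notes FORCE ROW LEVEL SECURITY;

-- Restrictive policy: ANDed with every permissive policy, so no later permissive
-- policy can grant a therapist access without a completed MFA step (aal2).
-- A missing role or aal claim evaluates to NULL and therefore denies the row.
CREATE POLICY therapist_requires_mfa ON clinical_notes
  AS RESTRICTIVE FOR ALL
  USING (jwt_claim('role') <> 'therapist' OR jwt_claim('aal') = 'aal2');

-- Permissive policies: therapists reach only their own notes, patients only notes
-- written about them. No policy matches anyone else, so RLS returns no rows.
CREATE POLICY therapist_own_notes ON clinical_notes
  FOR ALL
  USING (jwt_claim('role') = 'therapist' AND therapist_id = jwt_claim('sub')::uuid)
  WITH CHECK (jwt_claim('role') = 'therapist' AND therapist_id = jwt_claim('sub')::uuid);

CREATE POLICY patient_reads_own_notes ON clinical_notes
  FOR SELECT
  USING (jwt_claim('role') = 'patient' AND patient_id = jwt_claim('sub')::uuid);
```

With request.jwt.claims set to a therapist token carrying "aal":"aal1", a SELECT on clinical_notes returns no rows even for that therapist's own entries; the same token with "aal":"aal2" returns them, which is the check to run when verifying that MFA enforcement really lives in the database.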
Infrastructure & Hosting
PsychoSpace is hosted on a certified cloud database provider (EU region, PostgreSQL) and a certified cloud hosting provider (EU region). Both providers maintain SOC 2 Type II and ISO 27001 certifications. All services run within the European Economic Area (EEA). Payment processing is handled by Stripe (PCI DSS Level 1 certified). Email delivery uses Mailtrap (GDPR compliant).
Authentication & Access Control
User authentication uses JWT tokens. Therapists are required to use multi-factor authentication (MFA) enforced at the database level via restrictive RLS policies. Session tokens are short-lived with automatic refresh. Password policies enforce minimum complexity requirements. Account deletion triggers a 30-day grace period before permanent data erasure, with cryptographic key destruction as the first deletion step.
For security-related inquiries or to report a vulnerability, contact us at iod@psychospace.io. We take all security reports seriously and will respond within 48 hours.