Security at MumWell

Last Updated: February 11, 2026

As a health application, MumWell handles sensitive personal and health data. We take the security of your information extremely seriously. This page outlines the measures we use to protect your data.

Data Protection

MumWell is designed with UK data protection principles at its core. We adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Key principles include:

  • Data minimisation — we only collect data essential for providing our services
  • Purpose limitation — your data is used only for the purposes stated in our Privacy Policy
  • Storage limitation — health data is retained only as long as your account is active
  • Right to erasure — you can request deletion of your data at any time

Encryption

All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security). Data stored in our database is encrypted at rest using AES-256, the same standard used by financial institutions.

Infrastructure

MumWell is built on enterprise-grade cloud infrastructure from SOC 2 Type II certified providers. Our infrastructure includes:

  • Automated security patching and updates
  • DDoS protection and Web Application Firewall
  • Regular automated backups
  • Geographic data residency controls

Access Controls

We implement strict access controls to ensure your data is only accessible to you:

  • Row-Level Security (RLS) ensures each user can only access their own data
  • Authentication tokens are securely managed with automatic expiration
  • Administrative access is restricted and audited
  • API endpoints are protected with authentication and rate limiting

AI Data Handling

Our AI Assistant uses your health data only within the context of your conversation to provide personalised guidance. We do not:

  • Use your health data to train AI models
  • Share your health data with third parties for advertising
  • Store AI conversation logs beyond your active session unless explicitly saved

Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately:

We take all security reports seriously and will respond within 48 hours.