Cellar← Home

Security

How Cellar protects your records

Last updated June 2026

We describe our security plainly, and we claim only what's true. Here is exactly how your records are protected.

Encryption

Every document and every extracted detail is encrypted at rest with envelope encryption: a unique data key per record, wrapped by a per-account key, wrapped in turn by a key-management service. Only minimal, non-sensitive metadata (dates, categories) is kept in plaintext, to order your timeline. Everything is encrypted in transit with TLS.

How processing works, stated honestly

To read and organize a document, Cellar decrypts it transiently, in your assigned processing region, and sends it to a third-party AI model under no-training production terms. The specific provider is named on our Subprocessors page. There is no staff path to your records: the only systems that ever see plaintext are the processing pipeline and your own authenticated requests.

This is “compliant processing,” not an architecture where the operator is technically incapable of access. We don’t claim otherwise. Our roadmap moves processing into a confidential-computing enclave so that even we cannot observe plaintext during processing. The system is already built behind a single interface so that becomes a swap, not a rewrite.

Accuracy & source-grounding

A wrong fact in a medical record is a safety issue, so we engineer against it. Extraction runs as a multi-step pipeline with self-verification, and every fact is grounded to the exact page and text it came from. Values are added to your record as soon as they’re read; nothing is withheld. Anything low-confidence or conflicting is clearly flagged as unconfirmed for you to confirm or remove. The original document is always preserved.

Access control

Authentication is passwordless (a secure link to your email). Every database table enforces row-level security, so each request can only ever reach its own account’s data. Share links are time-limited, revocable, validated by a hashed token, and show the owner when they have been opened. By default Cellar also emails the owner each time a link is opened; that can be turned off in Settings.

Browser & API safeguards

Cellar sends restrictive browser security headers, blocks cross-site authenticated actions, rate limits sensitive endpoints, validates upload content against file signatures, and keeps public share-link tokens out of server-side QR-code query logs. Sensitive API responses are marked private and no-store.

Privacy activity

Settings shows a metadata-only privacy activity trail for important actions such as exports, document deletion, AI-consent changes, and share-link events. We do not log health-record content, document names, share tokens, IP addresses, or user-agent strings there. The email Cellar sends when a shared link is opened is metadata-only too: it says a link was opened, never who opened it.

No analytics or tracking

Cellar includes no third-party analytics, advertising pixels, session recording, or trackers, and sets no advertising cookies. Acquisition measurement is first-party and aggregate only, as described on the privacy page. The only data sent off the app for diagnostics is scrubbed error reports: record content, document names, share tokens, and identifiers are removed before an event leaves the process.

Responsible disclosure

Security researchers can contact security@carecellar.com. We publish a standard security.txt file at /.well-known/security.txt so reports reach the right place quickly.

Your control

You can export everything (your originals plus your structured record) in one tap, anytime. Deletion is permanent: it destroys your account key, which makes every encrypted record cryptographically irrecoverable, and purges your stored files. Once it’s gone, no one can bring it back.

Not medical advice

Cellar organizes, restates, and charts your own records. It does not diagnose, recommend treatment, or predict disease. Always consult a qualified clinician about your care.

Security · Cellar