Placeholder Document: This Security page is preliminary and intended for internal review purposes only. Final content will be reviewed by legal and security counsel prior to commercial product launch.
Core Security Pillars
Data Encryption
All data transmitted through the WearableDose platform is encrypted using TLS 1.2 or higher. Data at rest is protected using AES-256 encryption across all storage systems.
Access Controls
Role-based access control (RBAC) ensures users can only access data relevant to their role. Multi-factor authentication is available for all platform accounts.
Infrastructure Security
The platform is hosted on enterprise-grade cloud infrastructure with continuous monitoring, automated threat detection, and regular penetration testing.
Compliance Alignment
Our security practices are designed to align with HIPAA requirements for healthcare data, NIST 800-171 for defense-related applications, and SOC 2 Type II principles.
Security Practices Status
| Practice | Status |
|---|---|
| Encryption in Transit | Implemented |
| Encryption at Rest | Implemented |
| Role-Based Access Control | Implemented |
| Multi-Factor Authentication | Available |
| Audit Logging | Implemented |
| Vulnerability Scanning | In Progress |
| Penetration Testing | Planned |
| SOC 2 Type II Audit | Planned |
| HIPAA Business Associate Agreement | Available |
| NIST 800-171 Alignment | In Progress |
Our Security Commitment
Security is foundational to the WearableDose platform. We operate at the intersection of healthcare, defense, and precision technology — environments where data integrity and confidentiality are not optional. Our security program is designed to protect patient data, clinical research, and operational information from unauthorized access, disclosure, and misuse.
This page provides a transparent overview of our current security posture, practices, and roadmap. We believe security should be visible and verifiable, not hidden behind vague assurances.
Data Security Architecture
WearableDose uses a layered security architecture that protects data at every stage of its lifecycle:
Collection Layer: Radiation dose data from wearable sensors is transmitted over encrypted channels using device-level authentication. Sensor firmware is signed and validated before deployment.
Transmission Layer: All API communications use TLS 1.2 or higher with certificate pinning for mobile applications. Sensitive payloads are additionally encrypted at the application layer.
Storage Layer: All data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with rotation policies. Database access is restricted to application service accounts with least-privilege permissions.
Access Layer: User authentication is managed through a secure OAuth 2.0 flow. Session tokens are short-lived and invalidated on logout. Administrative access requires multi-factor authentication.
Healthcare Data Compliance
Where the WearableDose platform is used in clinical settings involving Protected Health Information (PHI) under HIPAA, we operate as a Business Associate and execute Business Associate Agreements (BAAs) with covered entities.
Our HIPAA compliance program includes:
• Technical safeguards: encryption, access controls, audit controls, and integrity controls
• Administrative safeguards: security officer designation, workforce training, risk analysis
• Physical safeguards: facility access controls and workstation security policies
We do not use PHI for any purpose other than providing the contracted services. De-identified data used for research and analytics is processed in accordance with HIPAA Safe Harbor or Expert Determination standards.
Defense and Government Security
For defense and government applications, WearableDose is developing security controls aligned with NIST SP 800-171 for the protection of Controlled Unclassified Information (CUI). This includes:
• Access control policies aligned with NIST 800-171 requirements
• System and communications protection controls
• Audit and accountability mechanisms
• Incident response procedures
We work with defense customers to understand their specific security requirements and can provide documentation supporting Authority to Operate (ATO) processes where applicable.
Note: WearableDose does not currently hold any government security clearances. Classified system integration is not supported at this time.
Incident Response
WearableDose maintains an incident response plan that defines procedures for detecting, containing, and recovering from security incidents. Key elements include:
Detection: Continuous monitoring of platform infrastructure with automated alerting for anomalous activity.
Containment: Defined procedures for isolating affected systems and preserving forensic evidence.
Notification: In the event of a data breach affecting personal or health information, we will notify affected individuals and relevant authorities within the timeframes required by applicable law (typically 72 hours for HIPAA breaches, 30 days for CCPA).
Recovery: Post-incident review and remediation to prevent recurrence.
To report a suspected security incident or vulnerability, please contact [email protected] immediately.
Responsible Disclosure
WearableDose welcomes responsible disclosure of security vulnerabilities. If you discover a potential security issue in our platform or website, please:
1. Email [email protected] with a description of the vulnerability
2. Include steps to reproduce the issue and any relevant technical details
3. Allow us reasonable time to investigate and address the issue before public disclosure
4. Do not access, modify, or delete user data during your research
We commit to acknowledging receipt within 48 hours, providing regular updates on our investigation, and crediting researchers who responsibly disclose valid vulnerabilities (with their permission).
We do not pursue legal action against researchers who follow these guidelines in good faith.
Report a Security Issue
If you discover a vulnerability or suspect a security incident, please contact us immediately.
[email protected]
© 2026 WearableDose, Inc. All rights reserved.
