Your Data Fortress
Your health data is the most personal data that exists. We protect it with strong, modern security practices and a privacy-first design.
How Your Data is Protected
Every piece of data you share with SHELY passes through multiple layers of encryption and security controls.
Standards We Align With
Our security and privacy program is built around the standards and regulations that matter most for healthcare data. Formal certifications are pursued as the platform matures.
SHELY is a growing platform. The frameworks above guide how we design and operate our systems today; independent audits and formal certifications (such as SOC 2 Type II and ISO 27001) are part of our compliance roadmap, not yet completed.
Your Data Rights
You own your data. These rights are always active and can be exercised at any time through your Privacy Portal.
Download Your Data
Export a complete copy of all your personal and health data in standard formats.
Delete Your Data
Permanently remove all your data from our systems within 48 hours.
Control Sharing
Manage exactly who can access your data and for what purpose.
Stay Anonymous
Use health calculators without an account. No data stored.
Our Security Program
These are the practices our security program is built on to protect your data at every level.
Real-Time Monitoring
Continuous threat detection and anomaly monitoring across our systems, with automated alerting.
Vulnerability Scanning
Automated scanning of our infrastructure, dependencies, and application code for known vulnerabilities.
Penetration Testing
We plan to engage independent security firms to conduct penetration tests of our systems and applications as we scale.
Independent Audits
As the platform matures, we intend to pursue independent third-party audits and formal certifications such as SOC 2 Type II and ISO 27001.
Incident Response
A documented incident response plan with prompt user notification in the event of a security incident.
Found a Vulnerability?
We take security reports seriously. If you have discovered a vulnerability, please report it responsibly and we will work with you to resolve it.
PGP key available upon request for encrypted reports