MetaVigil Talk to our team

MetaVigil

Security

Last updated:

We treat your data like it's our own grandmother's data. Here's the shape of how we secure it.

How it travels

  • The sensor talks to our server over your home WiFi. CSI frames move on the local network using a custom binary protocol.
  • The server-to-app channel is TLS, certificate-pinned where the OS allows.
  • metavigil.care is served over HTTPS only.

How it lives at rest

  • Postgres on Supabase, with row-level security keying every read on the caregiver's account.
  • Backups encrypted; access requires multi-factor sign-in for the engineer on call.
  • We don't store raw CSI longer than the few minutes needed to process it into wellness summaries.

Who's on the inside

  • 1PuttHealth employees and contractors with a need to know.
  • No third-party advertising partners. There aren't any.

Disclosure of vulnerabilities

We welcome reports from researchers acting in good faith. Email security@metavigil.care. We will acknowledge within two business days and credit you in our changelog if you want.

If you find something serious, please give us a window to fix it before going public. We are a small team that takes this seriously and won't drag our feet.

Compliance

MetaVigil is positioned as a wellness device, not a medical device, so it is not subject to FDA medical-device regulation. We design as if we'll someday need to meet HIPAA — encryption everywhere, audit logs, access controls — even though most early deployments aren't HIPAA-covered entities.

We have never had a breach. If that changes, we will tell affected users and the relevant regulators on the timelines the law requires.

Questions

security@metavigil.care.