Our Commitment to Security
At TinyTell, security is foundational — not an afterthought. We understand that pregnancy data is
deeply personal, and we've built our entire infrastructure with that responsibility in mind.
This document outlines the security measures we implement to protect your data and our application.
Authentication & Identity
TinyTell uses Clerk for authentication, providing enterprise-grade identity management:
- OAuth 2.0: Sign in securely with Google or Apple — we never see or store your password
- Email Authentication: For email sign-ups, verification codes ensure only you can access your account
- JWT: Every API request carries a signed JSON Web Token that is verified server-side before the request is processed
- Session Management: Automatic token refresh and secure session handling
Authorisation & Access Control
We enforce strict access control to ensure users can only access their own data:
- All backend queries and mutations require a valid, authenticated user identity
- Data is scoped to the authenticated user's Clerk ID — no user can access another user's records
- Premium features are gated behind verified subscription status
- Admin operations are restricted to authorised personnel only
Data Encryption
- In Transit: All network communication between the app and our servers uses TLS 1.2 or higher
- At Rest: Data stored in our backend (Convex) is encrypted at rest using AES-256
- Sensitive Storage: Authentication tokens and sensitive credentials on your device are stored using Expo SecureStore (iOS Keychain / Android Keystore)
Rate Limiting
To prevent abuse and protect against denial-of-service attacks, we implement comprehensive rate limiting:
- Per-user, per-action limits: Each user is limited to 60 requests per hour for each type of data operation
- Sliding window algorithm: Rate limits use a 1-hour sliding window for fair enforcement
- Nub Analysis limits: AI analysis is limited to 2 uploads per month per user to prevent misuse
- All mutations protected: Every data-modifying operation is rate-limited
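The per-user, per-action sliding window described above, as an added illustrative example (not TinyTell's or Convex's own code): each accepted request is timestamped under a "userId:action" key, timestamps older than the window are discarded on every check, and a request is refused once 60 remain in the window. The 60-per-hour figures come from this page; the class, key format and injectable clock are assumptions for the example.

```typescript
// Added example: sliding-window rate limiter keyed by (userId, action).
// Illustrative only; not TinyTell's or Convex's code.

const WINDOW_MS = 60 * 60 * 1000; // 1-hour sliding window (from the page)
const DEFAULT_LIMIT = 60;         // 60 requests per hour per user per action (from the page)

type Decision = { allowed: boolean; remaining: number; retryAfterMs: number };

class SlidingWindowLimiter {
  // Timestamps of accepted requests, oldest first, per "userId:action" key.
  private readonly hits = new Map<string, number[]>();

  constructor(
    private readonly limit: number = DEFAULT_LIMIT,
    private readonly windowMs: number = WINDOW_MS,
    private readonly now: () => number = () => Date.now(), // injectable clock (assumed, for tests)
  ) {}

  check(userId: string, action: string): Decision {
    const key = `${userId}:${action}`;
    const t = this.now();
    // Drop timestamps that have aged out of the window; the rest is the current count.
    const recent = (this.hits.get(key) ?? []).filter((ts) => t - ts < this.windowMs);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // Capacity frees up when the oldest request in the window expires.
      const oldest = recent[0] ?? t;
      return { allowed: false, remaining: 0, retryAfterMs: oldest + this.windowMs - t };
    }
    recent.push(t);
    this.hits.set(key, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterMs: 0 };
  }
}
```

Because the limiter keys on both user and action, one user exhausting "addWeight" does not affect that user's "addSymptom" budget or any other user's budget.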
Input Validation & Sanitisation
We implement dual-layer validation to prevent malicious input:
- Client-side validation: Zod schemas validate all form inputs before submission
- Server-side validation: Convex argument validators enforce strict type and range checking on every mutation
- Text sanitisation: All text inputs are sanitised to prevent cross-site scripting (XSS) attacks
- Range validation: Numeric inputs are checked against reasonable bounds (e.g., weight: 30–300 kg, height: 120–250 cm)
Stateless Image Processing
Our Nub Analysis AI feature follows a strict analyse-and-wipe protocol:
- Ultrasound images are transmitted securely to the AI model
- Analysis results are generated in real-time
- Images are immediately and permanently deleted after analysis
- No image data is stored, cached, or logged at any point in the pipeline
- Results are stored as text-only predictions — the original image is never retained
Secret Management
We follow a strict zero-trust approach to API keys and secrets:
- No secrets in frontend code: All API keys and secret credentials are stored server-side in Convex Environment Variables
- Public keys only: Client-side services (e.g., Clerk authentication) use public keys exclusively
- Environment isolation: Development, staging, and production environments use separate credentials
- Source control safety: Environment files are excluded from version control via .gitignore
Infrastructure Security
TinyTell is built on trusted, enterprise-grade infrastructure:
- Convex: Our real-time backend provides automatic scaling, data encryption, and SOC 2 compliant infrastructure
- Clerk: Authentication infrastructure certified for GDPR, SOC 2, and CCPA compliance
- Expo: Build and distribution infrastructure with secure signing and OTA update verification
Vulnerability Reporting
We take security vulnerabilities seriously. If you discover a security issue, please follow responsible disclosure:
- Do NOT open a public issue or discuss the vulnerability publicly
- Email security@tinytell.app with a detailed description
- Include steps to reproduce the vulnerability, if possible
- Allow reasonable time for us to investigate and patch before public disclosure
We commit to acknowledging all valid security reports within 48 hours and providing regular updates on remediation progress.
Ongoing Security Practices
- Regular dependency audits and updates
- Automated security scanning of our codebase
- Quarterly security reviews and audits
- Continuous monitoring for suspicious activity and rate limit violations
- Incident response procedures for rapid threat mitigation
Contact Us
For security-related inquiries or to report a vulnerability: