For clinicians

Security & Trust

Updated March 2026

proof. was built to sit alongside clinical treatment — which means the people using it are often in a vulnerable place. We take that seriously in how we handle their data.

Encrypted in transit & at rest

All patient data is encrypted using industry-standard protocols. Data in transit uses TLS. Data at rest is encrypted by our infrastructure provider.

Patient-controlled data

Patients own their data. Clinician access requires explicit consent via a patient-generated link code. Patients can remove clinician access or delete their account at any time.

Automatic session timeouts

The app automatically signs patients out after 24 minutes of inactivity, and when the app is backgrounded — protecting sensitive data on shared or borrowed devices.

No calorie tracking, ever

proof. does not collect calorie counts, weights, or body measurements — by design. The app tracks distress, not restriction.

No advertising

proof. is free for patients and contains no advertising. We do not sell patient data to third parties under any circumstances.

Built in Massachusetts

Proof Health Technologies LLC is based in Boston, MA. Data security practices are designed in accordance with Massachusetts data security regulations (201 CMR 17.00).

Infrastructure

proof. is built on Supabase, a trusted infrastructure provider used by thousands of healthcare-adjacent applications. All data is stored on servers in the United States. Supabase provides encryption at rest and in transit, role-based access controls, and detailed audit logging.

The app is distributed exclusively through Apple's App Store under Bundle ID com.proofrecoveryapp.proof.

What proof. is — and isn't

proof. is a wellness support tool designed to complement professional eating disorder treatment. It is not a medical device, clinical service, crisis line, or therapy platform. Use of proof. does not create a clinical relationship between patients and Proof Health Technologies LLC.

proof. is not a covered entity or business associate under HIPAA. Patients use the app voluntarily and agree to the Terms & Conditions and Medical Disclaimer on first launch, which clearly explain the nature and limitations of the tool.

Patient data access

By default, only the patient can see their own data. Clinician access requires the patient to explicitly share their 6-character link code — generated in the patient's app settings. Patients can unlink a clinician at any time from within the app.

Clinicians access patient data through a secure web portal at proofrecoveryapp.com/clinician, authenticated via email and password. Clinician accounts are manually reviewed and approved before access is granted.

Our commitments

We will never sell, rent, or share patient data with third parties for marketing or commercial purposes.
We will never collect calorie counts, body weights, or body measurements — by design, not just by policy.
proof. will remain free for patients. This is a permanent commitment, not a launch offer.
Patients can request deletion of their account and all associated data at any time, processed within 30 days.
We will notify clinician partners promptly in the event of any security incident affecting patient data.

Questions & security contact

Security questions, data requests, or partnership enquiries — contact us directly at celine@proofrecoveryapp.com. We respond to all clinical and security enquiries within 48 hours.

Interested in proof. for your practice?

Request clinician access, download our one-page clinical overview, or get in touch directly. We're happy to answer any questions before you recommend proof. to patients.

Request clinician access → Get in touch