Your Sovereign Health Vault

FeedbackAbout
v0.2.1

What This Is

Your health data is scattered across hospitals, clinics, labs, and apps — none of which talk to each other, none of which belong to you.

This changes that.

This is a personal health vault. It gathers your fragmented health history into one place, encrypts it so only you can read it, and helps you see your own story clearly. No institution, no company — not even us — can access your data without your explicit permission.

You are the root user of your health.

This is the first version. It's early, it's simple, and it's shared only with you. What you're testing is the foundation of something much larger.

Principles

Your body generates the data. You own it.

Health data belongs to the person it describes — not the systems that happen to store it.

Zero-knowledge architecture.

Your data is encrypted before it leaves your device. We cannot read it. We cannot sell it. We cannot be compelled to hand over what we don't have.

Silence is a feature.

This doesn't ping you, gamify your health, or compete for your attention. It watches quietly and speaks only when something genuinely matters.

Clarity over complexity.

When it speaks, it uses plain language. No jargon, no alarm, no judgement. Just a calm, honest observation you can act on or ignore.

No selling. No ads. No extraction.

You are the customer. Your data is never the product.

Consent is everything.

You choose what gets imported. You choose who sees what, and for how long. Access is granted, never taken.

Built in Europe, built on rights.

This implements GDPR and is designed for the European Health Data Space and eIDAS as they arrive. Not just compliance — architecture.

Free as in freedom.

This follows the philosophical lineage of free software: the belief that people should control the systems that hold their most personal information. Health data is more important than source code ever was.

What this version does

  • Import your health records
  • Connect wearables and sync sleep, recovery, activity
  • Store everything in your personal encrypted vault
  • See your health timeline in one place
  • Deep dive into sleep trends and lab results
  • See insights that connect signals across your data
  • Search everything — fast

What's coming

  • Notes: add context to any event, in your own words
  • Lab PDF import: bring in results from anywhere
  • More portals: connect to more health systems
  • Sharing: give a doctor or family member time-limited access to exactly what you choose

Built in Stockholm. Shared by invitation.

If the interface feels calm, that's intentional. If the system feels quiet, that's the design. If you feel like your data is finally yours — that's the whole point.

For the technically curious

Health records are encrypted client-side using AES-256-GCM before reaching the server. The server stores only ciphertext — it cannot read your health data.

Your vault password is processed through PBKDF2 (100,000 iterations) to derive a User Master Key, which wraps a Key Encryption Key (KEK) using AES-KW. The KEK encrypts your data. Neither key ever reaches the server in plaintext.

Your vault has a separate password from your login. Even if the login layer is compromised, health data stays locked.

Recovery uses a BIP39 24-word mnemonic that independently wraps the KEK. If you lose your vault password, this is the only way back. We cannot recover it for you.

Minimal metadata (date, category, source) is stored alongside encrypted blobs for timeline queries. Clinical content is always encrypted.

Who is who, under GDPR

You are the Data Controller. You decide what's stored, who sees it, and when it's deleted.

We are the Data Processor. We store and transport your encrypted data on your behalf. We see minimal metadata but cannot read clinical content.

A doctor or family member you share with becomes a temporary processor — with access limited to exactly what you chose, for exactly as long as you allow.

Your healthcare provider remains controller of their own records. We help you exercise your right to a copy under GDPR Articles 15 and 20.

Deletion is real. When you delete, encryption keys are destroyed. The ciphertext becomes mathematically unrecoverable — by anyone, including us.