Security

The engineering behind a promise.

Privacy is a posture. Security is the architecture that makes the posture real. Here's how Regimio is built.

AES-256 at restTLS 1.3 in transitiCloud KeychainSandboxed file storage

Architecture

A four-layer model.

1. Storage

All domain data lives in a SQLite database in the app's sandboxed Documents folder. The OS enforces app-level isolation. Other apps cannot read this file without explicit user permission.

2. Keychain

Sync keys, biometric tokens, and subscription receipts live in iOS Keychain / Android Keystore. Hardware-backed where available. Never written to disk unencrypted.

3. Transit

The only network calls in v0 are: App Store / Play Store IAP receipts, Sentry crash reports (opt-in), and optional iCloud Drive document sync. All TLS 1.3 with certificate pinning where applicable.

4. Sync (opt-in)

When sync is on, your SQLite file is wrapped in an envelope encrypted with a key stored in iCloud Keychain. We never see the contents. Apple sees ciphertext.

Threat model

What we defend against · and what we don't.

An honest read on a real product.

Lost or stolen device

Yes

Optional Face ID / Touch ID / biometric lock gates the app and Settings. Apple/Google device encryption protects data at rest with the device passcode.

App-level data leak via OS

Mitigated

iOS app sandboxing isolates Regimio's data. No public Share extension that includes raw values. Doctor PDF is generated on-device, AirDropped or emailed by you.

Compromised cloud infrastructure

Yes (sync mode)

With sync enabled, your data is encrypted with a key Apple does not hold. A compromised iCloud account still requires the local Keychain key to read your stack.

Targeted forensic compromise

If a state-level actor has physical custody of your unlocked device with biometrics bypassed, no consumer app stops them. The one-tap erase exists precisely for the moment before a hand-off.

Phishing or social engineering

N/A

There is no account to phish in the default flow. Sync mode uses Apple Sign-In with hardware-backed credentials · out of scope for typical phishing.

Insider threats at Regimio

Mitigated

We don't run a server that stores your data. There is no Regimio employee with a button that can read your stack. We can't get to it even with intent.

Practices

Engineering hygiene.

TypeScript strict mode across the entire codebase
Dependency review on every release. No deprecated packages in production.
Crash reports scrubbed of compound names, doses, and lab values before submission
Sentry is opt-in. Default = OFF.
Public changelog · every release notes what changed for privacy and security
Bug bounty (coming once v1 ships) · responsible disclosure at security@regimio.app
No third-party analytics SDKs (no Mixpanel, no Amplitude, no Segment)
No advertising SDKs ever
Pen test before public launch (planned q3 2026)
Math verified against published peptide and ester reference tables

Found something?

Responsible disclosure

Email security@regimio.app. We respond within 72 hours, even pre-launch.

security@regimio.app→Privacy posture