Security

Wholekin

Security controls

Secure, private, and built for sensitive family records.

Wholekin protects household data with server-side authentication, family-scoped authorization, private infrastructure boundaries, encrypted storage practices, and disciplined change controls.

Security is part of the architecture
We use managed cloud services, explicit authorization, protected sessions, and quality gates so sensitive records are guarded by design and by process.
Identity, authorization, and sessions are treated as control systems.
Private records are not used to train foundation models.
Production infrastructure uses private database boundaries and managed secret storage.

Security at our core

Concrete controls behind the current implementation

No model training on your records
Private household records are not used to train foundation models. AI-assisted workflows are bounded to product purpose and human control.
  • Private family data stays tied to the workspace it belongs to.

  • AI assistance is designed around purpose limitation and clear user intent.

  • Document and record workflows preserve the privacy boundary of the family workspace.

Strong authentication and sessions
Identity, tokens, and browser sessions are handled as security controls, not convenience plumbing.
  • Authentication is delegated to Auth0.

  • The backend validates issuer, audience, and signing material before accepting tokens.

  • Session cookies are signed, HttpOnly, and marked Secure in production.

Family-scoped authorization
Access is explicit, role-based, and evaluated against the family resource being requested.
  • Authorization decisions are backed by Cedar.

  • Permissions are expressed for create, list, read, update, and delete operations.

  • Service-level safeguards protect critical invariants such as last-owner protection.
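As an added illustration (not Wholekin's own policy set), the Cedar policies below show how role-based create, list, read, update and delete permissions can be scoped to the requesting family; the entity types (User, Family, Record), the `role` and `family` attributes, and the action names are assumptions.

```cedar
// Added example, not Wholekin's production policies. Assumed model:
//   principal: User with attributes role ("owner" | "member") and family (a Family entity)
//   resource:  a Record whose parent is its Family, or the Family itself for create/list
//   actions:   create, list, read, update, delete

// Owners may perform every operation, but only within their own family.
// `resource in principal.family` holds for records under the family and
// for the family entity itself (Cedar's `in` is reflexive).
permit (
    principal,
    action in [Action::"create", Action::"list", Action::"read",
               Action::"update", Action::"delete"],
    resource
)
when { principal.role == "owner" && resource in principal.family };

// Members may only list and read records of their own family.
permit (
    principal,
    action in [Action::"list", Action::"read"],
    resource
)
when { principal.role == "member" && resource in principal.family };

// Cedar is default-deny: a member requesting delete, or an owner addressing a
// record that belongs to another family, matches no permit and is refused.
// Invariants such as last-owner protection are enforced in service code,
// not here, because they depend on state beyond a single request.
```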

Protected infrastructure
Production runs on AWS with private data services, managed secrets, centralized logging, and clear network boundaries.
  • The primary database is not publicly exposed and runs in private isolated subnets.

  • Database credentials are generated and stored in managed secret storage.

  • Storage resources are configured with encryption and blocked public access by default.

Validation and change quality
Security includes the way software changes are introduced and checked before they reach users.
  • Frontend CI requires formatting, typechecking, linting, and a production build.

  • Backend CI runs formatting, static analysis, tests, and strict compilation checks.

  • Container repositories are configured for image scanning on push.

Audit-friendly records
A secure record system needs traceability, validation, and clean operational visibility.
  • Core managed records capture change history.

  • Validated request models protect important data boundaries.

  • Operational logging and container visibility are enabled for the running environment.

GDPR-aware data handling
Wholekin designs for purpose limitation, minimization, access rights, export, deletion, and privacy-aware operations for EU households and advisors.

EU AI Act aware governance
AI-assisted processing is designed around clear purpose, transparency, human oversight, and boundaries around private household records.

Least privilege
Family roles, Cedar-backed policies, and server-side authorization keep access tied to explicit people, resources, and actions.

Continue your review

See how the security model supports trust.

The trust page explains our privacy, governance, GDPR, and EU AI Act posture in broader terms for families and advisors.