Security & Privacy
For procurement teams · last updated: February 2026
The short version
Memory Lane is a caregiver-facing app. Caregivers create their own accounts and enter their own notes about their loved one. We are intentionally not a HIPAA-covered entity — we treat the data here like a sensitive consumer-grade journal, not a medical record. Below is everything we actually do today, and what we don't.
Data in motion + at rest
TLS 1.3 in transit
Every request between the browser and our backend is encrypted in transit with TLS 1.3 (managed by our hosting provider).
Encrypted database at rest
Caregiver data lives in MongoDB with at-rest encryption enabled. Backups are encrypted with the same scheme.
Secrets managed via environment variables
API keys (LLM provider, email provider, Stripe) live in environment variables on our servers — never committed to source control, never visible in the client.
Passwords hashed with bcrypt
We never store caregiver passwords. We store a one-way bcrypt hash. Even an internal team member with full DB access cannot read a caregiver's password.
Access control
Caregiver-only visibility
A caregiver's notes, screener answers, and Lane AI conversations are visible only to that caregiver. Other caregivers cannot see them. Partner organizations cannot see them.
Partner orgs see aggregate, de-identified data only
When a caregiver redeems an org's invite code, the org admin sees a roll-up: cohort size, average burnout band, common behavior themes, engagement rate. They do not see individual caregivers' chats, notes, or screener answers. This is a deliberate architectural choice — we built it before we sold it.
Memory Lane staff access is minimised
Only one engineer (founder) has production database access today. Access is logged and reviewed.
What we deliberately do not do
- We do not sell, rent, or share caregiver data with advertisers.
- We do not use caregiver data to train any AI model. (Conversational memory is per-caregiver, used to make their next chat smarter — never pooled.)
- We do not store credit card numbers — Stripe Checkout handles all of that.
- We do not run ad-network pixels, remarketing tags, or cross-site advertising trackers. The analytics tools we do use (GA4, PostHog, and Microsoft Clarity when enabled) are first-party, IP-anonymized where supported, and form-field-masked where supported. The Cookie Policy lists every identifier.
What we don't claim (yet)
Honesty matters. Today, Memory Lane is not SOC 2 Type 2 certified and is not a HIPAA-covered Business Associate. The Privacy Policy explains why that's deliberate for a consumer-facing caregiver tool. Our roadmap:
- Q2 2026: Vanta-driven HIPAA control set (training, access reviews, vendor list, incident response policy). BAA available on request for partners who require one.
- Q4 2026: SOC 2 Type 1 audit.
- Q2 2027: SOC 2 Type 2 (12-month observation period begins after Type 1).
If your procurement team needs something specific before then — a security questionnaire, our hosting + sub-processor list, a mutual NDA — email ashlee@asvmedicalservices.com and we'll turn it around within two business days.
Mutual NDA
For pilot conversations, we ship the same mutual NDA to every partner — covering both directions, protecting our IP and methodology, and protecting your operational information. Five-year survival period, US law, no copying or reverse-engineering of either side's confidential information.
Download our mutual NDA
Incident response
In the unlikely event of a security incident affecting caregiver data, we will:
- Contain the incident, then investigate the scope within 72 hours.
- Notify affected caregivers via the email they signed up with — within 7 days at the latest.
- Notify partner orgs (if any of their caregivers are affected) at the same time as the caregivers.
- Publish a post-mortem on our changelog within 30 days.
Sub-processors
The services we use to operate Memory Lane today:
| Provider | Purpose | Data |
|---|---|---|
| MongoDB Atlas | Encrypted database hosting | All caregiver-entered data |
| Hosting cluster | App + API hosting | HTTP requests, app logs |
| Emergent LLM gateway | Lane AI conversational guidance (OpenAI, Anthropic, Gemini) | Caregiver chat turns; never used to train models |
| Stripe | Billing for paid Care Navigator sessions | Billing email + card token (we never touch the card) |
| Resend | Transactional email (welcome, share link, alerts) | Recipient email + email body |
| Calendly | Care Navigator session booking | Booking name + email + selected slot |
| Google Analytics 4 | Aggregated traffic, engagement, and conversion analytics (IP anonymized) | Pseudonymous client ID, page paths, named events (e.g. Account Created, Roadmap Completed). No PII sent. |
| PostHog | Product analytics + occasional session replay for bug-fixing | Pseudonymous client ID, event metadata. Session-replay input fields are masked by default. |
| Microsoft Clarity | Heatmaps and aggregated behavioral analytics. Only loads after the caregiver opts in via the cookie banner; never loads when Global Privacy Control is on. | Pseudonymous visitor ID, click/scroll patterns. Sensitive form fields masked. |
Adding or replacing a sub-processor that handles caregiver data triggers a partner notification at least 30 days in advance.
Get in touch
Security questions, BAA requests, vendor questionnaires: ashlee@asvmedicalservices.com. Pilot enquiries: ashlee@asvmedicalservices.com.
This page describes what we actually do — not aspirational marketing. If anything on it stops being true, we update it within seven days.