Your Data, Your Control
FaceofMind is engineered with enterprise-grade security architecture. All technical controls are implemented: AES-256 encryption (JWE + Fernet), RBAC, audit logging, data minimization, and privacy-by-design. Our infrastructure meets compliance standards—only legal paperwork (BAAs, certifications) is pending.
Important Disclaimer
FaceofMind is a wellness application, NOT a healthcare provider. We are NOT a covered entity under HIPAA and are NOT subject to HIPAA regulations. We do NOT provide medical diagnosis, clinical treatment, or emergency crisis intervention. Always consult licensed healthcare professionals for medical advice.
Privacy & Data Protection
Enterprise-grade security architecture with all technical controls implemented
Enterprise-Grade Security
Industry best practices for data protection
FaceofMind implements enterprise-grade security controls including AES-256 encryption (JWE for tokens, Fernet for data), RBAC access management, comprehensive audit logging, and data minimization. All technical controls are implemented. While we are NOT currently a healthcare provider or covered entity under HIPAA, our infrastructure meets industry compliance standards.
GDPR-Ready Architecture
General Data Protection Regulation
FaceofMind implements GDPR-ready architecture with all technical controls in place: privacy-by-design, granular user data controls (privacy toggles), data portability, and comprehensive audit logging. Our infrastructure meets GDPR technical requirements. Legal paperwork and formal certification are in progress.
DPA-Aligned Protection
Data Protection Act of 2012 (RA 10173)
FaceofMind implements DPA-ready architecture with all technical controls in place: data subject rights (access, deletion, portability), consent management, secure storage, and audit logging. Our infrastructure meets RA 10173 technical requirements. Legal registration with NPC is in progress.
Wellness Platform Standards
Digital wellness best practices
FaceofMind is a wellness application designed to support emotional awareness and facilitate connections with licensed mental health professionals. All clinical interpretations, diagnoses, and treatment plans are the sole responsibility of the licensed professionals users may consult.
Security Measures
Multi-layered security to protect your sensitive wellness data
End-to-End Encryption
TLS 1.3 in transit, JWE (AES-256 GCM) for tokens, Fernet for data
Role-Based Access Control
RBAC with OAuth 2.0, permission-based access, domain controls
Secure Storage
Field-level encryption, encrypted databases, regular audits
Infrastructure Security
Cloud infrastructure with security best practices
Audit Logging
Comprehensive audit trails (ChatSessionAudit, ticket_scans, admin logs)
Data Minimization
30-day data windows, privacy toggles, consent management
Crisis Support Resources
IMPORTANT: FaceofMind is NOT a crisis service or emergency monitoring platform. If you are experiencing thoughts of suicide, self-harm, or are in physical danger, please contact emergency services immediately.
Your Data Rights
You own your mind, and you should own your data
Right to Access
Request a copy of your personal data at any time
Right to Deletion
Request deletion of your data (subject to legal requirements)
Right to Correction
Request correction of inaccurate information
Right to Portability
Export your data in a portable format
Right to Withdraw Consent
Withdraw consent for data processing where applicable
Right to Object
Object to certain types of data processing
Our Data Usage Commitment
No Selling
We NEVER sell your personal or wellness data to third parties
No Advertising
We do not use your emotional states to target advertisements
Minimal Collection
We only collect data necessary to provide you with wellness insights
Enterprise-Grade Security Architecture
All technical controls are implemented and operational
Technical Infrastructure ✅
- AES-256 encryption (JWE + Fernet)
- RBAC with OAuth 2.0
- Comprehensive audit logging
- Data minimization (30-day windows)
- Privacy toggles & consent management
- Field-level encryption
- Time-limited access controls
Legal Paperwork ⏳
- Business Associate Agreements (BAAs)
- Formal HIPAA certification
- GDPR compliance certification
- Third-party vendor agreements
- Legal entity registration updates
Status: Our architecture meets HIPAA/GDPR technical requirements. Legal documentation and formal certifications are in progress.
Compliance Alignment
FaceofMind aligns with international privacy frameworks
GDPR
Privacy-by-design and data portability
DPA (RA 10173)
Philippine Data Privacy Act compliance
OWASP
Web security best practices
Exercising Your Rights
To exercise any of your data rights, please contact us at:
Email: support@faceofmind.com
Subject: Data Rights Request
We will respond to your request within 30 days as required by applicable regulations.
FaceofMind is a digital wellness platform. We are NOT a healthcare provider, clinic, or covered entity under HIPAA. We are not subject to HIPAA regulations. Our platform provides general emotional support and wellness tools. For medical advice, diagnosis, or treatment, consult a licensed healthcare professional. For emergencies, call 911 (US) or your local emergency number.
Last Updated: February 2026 | FaceofMind – Empowering Mental Wellness through Technology.