CareHub - Security, Privacy & Trust (Reality Check)

CareHub Security, Privacy & Trust — Reality-Checked Summary

Implementation status aligned to what is currently evidenced in the repository.

Last Updated: February 22, 2026  |  Version: 4.0 (Reality Checked)

This summary is aligned to current repository implementation status. Controls are labeled as Active, Partial, or Planned.

Evidence Source

Full technical audit: SECURITY_REALITY_AUDIT_2026-02-22.md

Control Status

ACTIVE Auth, consent, and NDA evidence chain

  • Supabase-backed login is active and email verification checks are enforced in API login flow.
  • Password reset token generation, expiry checks, and reset update flows are implemented.
  • Consent submissions and NDA records are persisted and used for document workflows.
  • NDA verification supports hash-based validation and PDF generation from source records.

PARTIAL RLS, email ops consistency, external integrations

  • Row Level Security (RLS) is confirmed in migrations for selected newer tables, but not yet evidenced for all sensitive tables in repo scope.
  • Email flows work, but credential/provider configuration paths are inconsistent and should be unified.
  • Google Sheets integration is mixed-state: references exist, but core helper is currently stubbed/disabled.

PLANNED Enforced MFA and lockout controls

  • MFA/TOTP and lockout/rate-limit controls are referenced in public narratives but are not enforced in the primary login API path.
  • These controls should be presented as roadmap items until runtime enforcement is demonstrable.

Current Risks

High

  • JWT secret fallback defaults exist in auth code and should be removed in favor of fail-fast configuration.
  • JWT verification is not tightly coupled with revocation-aware session enforcement.

Medium

  • NDA hash verification endpoint uses bounded record scanning (limit(100)), which can miss records at scale.
  • Public claims may overstate controls unless explicitly labeled by implementation status.
  • Email provider config drift increases operational recovery risk.

Low

  • Environment capability booleans exposed in version endpoint can aid external profiling.

Immediate Priority Actions

  1. Remove JWT fallback secret and enforce startup failure when missing.
  2. Implement MFA + lockout/rate-limiting at login API boundary.
  3. Add revocation-aware checks in auth verification flow.
  4. Replace NDA hash scan with direct indexed lookup path.
  5. Standardize email transport credentials to one secure path.

Published Documentation

Published: our security documentation is recorded on blockchain in plain-language PDF format for free viewing and download.

Static listing link for tonight (will be replaced with final minted Tez listing):

View NFT Listing on objkt.com

CareHub trust posture improves when implementation evidence and public claims stay strictly aligned.