The big rule: no real PHI on FHIRBuilders. Ever.
FHIRBuilders is a sandbox + learning environment. We connect to FHIR servers (Medplum) pre-loaded with synthetic patient data only, generated by Synthea. Real Protected Health Information (PHI) is not allowed in any sandbox you create here, in any project you share, or in any prompt you send through our AI features.
When you start a cohort or accept a sandbox invite, you agree to this in writing. If we discover real PHI in a sandbox, we lock the sandbox, notify you, and (depending on severity) delete it within 24 hours.
What lives where
- Application database: PostgreSQL on Neon (US region). TLS in transit. AES-256 at rest. Encrypted automatic backups, point-in-time recovery enabled.
- Application hosting: Vercel serverless functions + edge middleware, US regions. No long-lived servers we operate.
- Secrets: environment variables stored in Vercel project settings, scoped per environment (production / preview / development). The bot tokens for Slack cohort scripts (`SLACK_BOT_TOKEN`) live only in the operator's shell; we don't commit them to `.env` files (see CLAUDE.md security notes).
- FHIR clinical data: stays in your Medplum project. We never proxy or cache FHIR resources on our servers.
- AI prompts: when you use OpenClaw or AI features, calls go directly to Anthropic / OpenAI under your own API key (BYOK). We store generation metadata (channel ID, status, token counts) — not prompt/response bodies.
Authentication
- Sign-in: NextAuth.js v5 with GitHub OAuth, Google OAuth, Resend magic links, and bcrypt-hashed email/password. JWT sessions, signed with `NEXTAUTH_SECRET` (rotated when team membership changes, which invalidates every outstanding session).
- OAuth account linking: we explicitly allow linking GitHub and Google accounts that share a verified email (`allowDangerousEmailAccountLinking`), so signing in with either lands you on the same account. We rely on the providers to verify the email before linking; see the note in our code referencing that flag. The flag is only safe with providers that verify the address they return: with a provider that does not, an attacker who registers a victim's address there could be linked into, and take over, the victim's account.
- Bcrypt: password hashes use bcrypt with cost 10. We never see your plaintext password.
- Edge middleware: `/dashboard`, `/profile`, `/admin`, and `/cohort/*` routes are protected by middleware that verifies the JWT before any handler runs.
- Admin pages: gated by an explicit allowlist (`ADMIN_EMAILS`) on top of normal sign-in. Compromising any cohort member's account does not grant access to the admin roster.
Sandbox isolation
Each sandbox is a Medplum project owned by the user who created it. We don't cross-mount data between sandboxes. Sample patients are seeded from Synthea modules you select; you can wipe and re-seed at any time.
AI generation (OpenClaw) runs in isolated channels — each generation gets a fresh MessagingChannel + AppChannel record. Generated apps are stored as code artifacts only; we don't auto-execute them on our servers.
What we monitor
- Vercel function logs (errors only) — retained per Vercel's defaults.
- Neon query logs and connection counts.
- Sign-in events (timestamp + count per user) — used for the admin roster, not for behavioral analytics.
We don't run general-purpose user behavior analytics.
Vulnerability disclosure
Found a bug or vulnerability? Email eugene.vestel@gmail.com with steps to reproduce. We'll respond within 48 hours and credit you in the fix commit if you want.
Please don't run automated scanners against production. The sandbox is meant for experimentation — feel free to break things in your own Medplum project.
Past incidents
- 2026-05-XX: exposed Neon credential in a settings file. `.claude/settings.local.json`, committed in an early commit, contained the Neon `DATABASE_URL` connection string with the role password embedded. Neon flagged it; we rotated the role password the same day, added the file to `.gitignore`, and verified the old credential no longer authenticated. No data accessed. Because the original commit remains in history, the rotation, not the ignore rule, is what closed the exposure. See `CLAUDE.md` in the repo for the rotation playbook.
We'll document any future incident here within 72 hours of discovery, even if no data was accessed.
Cohort consent + quiz
Before each cohort, builders complete a short security quiz + consent form covering the “no real PHI” rule, sandbox isolation, and the BYOK model. The quiz flow lives at /cohort/cohort-00/prereqs (rolling out the week of Session 1). You can't skip it — the cohort sub-routes gate on its completion once it ships.
Compliance posture
FHIRBuilders is not currently HIPAA-covered or SOC 2 certified — we stay out of the regulated space deliberately by accepting only synthetic data. Operating as an individual, not a corporate entity, as of 2026-06-05.
Contact
Eugene Vestel — eugene.vestel@gmail.com. For privacy questions specifically, see /privacy.