Security
We take the security of your family’s data seriously. Here’s how Hearth is built to protect you, and how to report a problem.
How Hearth protects you
- Apps run isolated. Every app is sandboxed on its own origin and can’t reach your data or the network unless you allow it.
- Agents never hold credentials. Agent Heath never sees your passwords or tokens, so it can’t be tricked into handing them over.
- Your family sets permissions. Every capability is granted by a person, never by the AI.
- Encrypted in transit and at rest. Hearth runs on Cloudflare with encryption throughout, and access to your data is limited to what’s needed to run the service.
- Reversible by design. Changes are logged and can be rolled back, so mistakes are recoverable.
Reporting a vulnerability
If you believe you’ve found a security vulnerability, please email security@ourhearth.ai. Include enough detail to reproduce the issue — steps, affected URLs, and the potential impact — and a way to reach you.
Safe harbor
We won’t pursue legal action for good-faith security research that follows this policy: don’t access or modify other people’s data, don’t degrade the service, don’t run scans that disrupt others, and give us a reasonable chance to fix the issue before sharing it publicly.
Scope
In scope: ourhearth.ai, tenant workspaces at *.ourhearth.ai, and app origins at *.ourhearthapps.com. Out of scope: denial-of-service, social engineering, physical attacks, and issues in the third-party services we rely on.
Our response
We aim to acknowledge reports within three business days and to keep you updated as we investigate and fix the issue. We don’t run a paid bug-bounty program during the private alpha, but we’re grateful for your help and are happy to credit you once an issue is resolved (with your permission).
Contact
Security questions or reports: security@ourhearth.ai.