Multi-Layered Encryption Architecture
Understanding Emotion.Guru's comprehensive approach to data security and privacy protection
Important: Local encryption passwords cannot be recovered if forgotten. We cannot decrypt your locally encrypted data without your password. Please store your password securely.
Three-Layer Security Architecture
Layer 1: Client-Side Encryption
Journal Entries
Required - All journal content encrypted before transmission
Reflections
Optional - User choice for additional privacy layer
Chat Messages
N/A - Handled by infrastructure encryption
Layer 2: GSB LowCode BackEnd
All sensitive fields are encrypted at the infrastructure level during processing and transmission.
TLS 1.3 for data in transit
Field-level encryption for sensitive data
Layer 3: Azure Database Service Encryption
Microsoft Azure provides enterprise-grade encryption at rest and comprehensive compliance certifications.
AES-256 encryption at rest
Transparent Data Encryption (TDE)
Client-Side Encryption Technical Details
Encryption Algorithm
- • AES-256
- • Authenticated encryption with associated data
Key Derivation
- • PBKDF2-SHA256 algorithm
- • 100,000 iterations minimum
Azure Database Service Compliance Certifications
Our cloud provider Microsoft Azure maintains comprehensive compliance with global standards and regulations. Key certifications relevant to emotional wellness data include:
| Certification | Applicable To |
|---|---|
| HIPAA and HITECH Act (US) | Healthcare data protection and privacy |
| SOC 2 Type 2 | Enterprise security controls and data protection |
| ISO 27001:2013 | International information security management |
| GDPR Compliance (EU) | European data protection and privacy rights |
Azure maintains additional certifications for specialized industries and regions. View the complete list in Microsoft's official compliance documentation. (Emotion.Guru is not independently certified for compliance.)
Security Best Practices
Recommended
- • Use a strong, unique password for local encryption
- • Store your password in a secure password manager
- • Enable two-factor authentication on your account
- • Regularly update your local encryption password
- • Keep your browser and device updated
Avoid
- • Using weak or common passwords
- • Sharing your encryption password
- • Storing passwords in plain text
- • Using the same password across services
- • Accessing from untrusted devices
This multi-layered approach ensures that your most sensitive data (journals) benefit from client-side encryption, while all data benefits from enterprise-grade infrastructure and database encryption. The combination provides maximum security while maintaining usability.