How Encryption Works
AES-GCM encryption protects your family data.
GenogramAI uses industry-standard encryption to protect your sensitive family data. Here's how it works.
AES-GCM Encryption
All genogram data is encrypted using AES-GCM 256-bit encryption, the same standard used by banks and governments. GCM (Galois/Counter Mode) provides both confidentiality and data integrity.
How It Works
1. Key Derivation: When you sign in, a unique encryption key is derived from your user ID
2. Client-Side Encryption: Your genogram data is encrypted in your browser before sending
3. Secure Transmission: Only encrypted data travels over HTTPS to our servers
4. Decryption on Load: When you access your genogram, it's decrypted locally in your browser
Encryption Levels
GenogramAI offers two levels of encryption depending on your plan:
Cloud Storage (All Plans)
Cloud-stored genograms are encrypted at rest with AES-256 before saving to our servers. Encryption keys are derived from your account credentials. This protects your data from unauthorized access but is not zero-knowledge — the server holds the key material.
Clinical Mode — Zero-Knowledge (Clinical Plan)
For true zero-knowledge encryption, Clinical Mode on the Clinical plan stores all data locally on your device. A unique encryption key is generated on your device and never sent to our servers. This means:
- Your data never leaves your device
- The encryption key exists only on your machine
- Even if our servers were compromised, your local data remains safe
- GenogramAI cannot access or decrypt your Clinical Mode files
Clinical Mode = True Zero-Knowledge
In Clinical Mode, your data is encrypted with a device-bound key that never leaves your machine. No one — not even GenogramAI — can decrypt your files.
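
The Clinical Mode model described above, expressed with the browser's Web Crypto API: a key generated on the device, AES-256-GCM encryption, and the integrity check rejecting altered data. This is an added example, not GenogramAI's code; the non-extractable key, the record id used as additional authenticated data, the sample record and all function names are assumptions.

```javascript
// Added example (not GenogramAI code). Runs in a browser or in Node.js.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;
const enc = new TextEncoder();

// Generate the AES-256-GCM key on the device. extractable=false means script
// cannot read the raw key bytes, so they cannot be serialized and uploaded.
async function generateDeviceKey() {
  return subtle.generateKey({ name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one genogram. A fresh random 96-bit IV is drawn for every call:
// reusing an IV under the same key breaks GCM's confidentiality and integrity.
async function encryptGenogram(key, genogram, recordId) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const plaintext = enc.encode(JSON.stringify(genogram));
  // Assumption: the record id is bound in as additional authenticated data,
  // so a ciphertext cannot be silently swapped onto a different record.
  const params = { name: "AES-GCM", iv, additionalData: enc.encode(recordId) };
  const ciphertext = new Uint8Array(await subtle.encrypt(params, key, plaintext));
  return { iv, ciphertext }; // the 16-byte auth tag is appended to the ciphertext
}

// Decrypt and verify. Resolves to null when the GCM tag check fails.
async function decryptGenogram(key, blob, recordId) {
  const params = { name: "AES-GCM", iv: blob.iv, additionalData: enc.encode(recordId) };
  try {
    const plaintext = await subtle.decrypt(params, key, blob.ciphertext);
    return JSON.parse(new TextDecoder().decode(plaintext));
  } catch {
    return null; // authentication failed: data or record id was altered
  }
}

// Constructed sample data, not a real GenogramAI record.
async function demo() {
  const key = await generateDeviceKey();
  const genogram = { people: [{ id: "p1", name: "Sample Person" }], relations: [] };
  const blob = await encryptGenogram(key, genogram, "genogram-001");
  const ok = await decryptGenogram(key, blob, "genogram-001");
  const tampered = { iv: blob.iv, ciphertext: blob.ciphertext.slice() };
  tampered.ciphertext[0] ^= 0x01; // flip a single bit of the stored data
  const bad = await decryptGenogram(key, tampered, "genogram-001");
  const wrongRecord = await decryptGenogram(key, blob, "genogram-002");
  let exportBlocked = false;
  try { await subtle.exportKey("raw", key); } catch { exportBlocked = true; }
  return { ok, bad, wrongRecord, exportBlocked };
}
```

A non-extractable `CryptoKey` can be stored in IndexedDB as an object, which keeps it usable across sessions without exposing its raw bytes to script.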