Security

How Wayfound protects your family's information

Families share sensitive health, education, and benefits information with Wayfound. This page explains the safeguards we use.

Last updated June 8, 2026

Current security overview for families using Wayfound.

Families share some of their most sensitive information with Wayfound, including documents about their child's health, education, and benefits. Protecting that information is fundamental to what we do. This page explains the main safeguards we use. For how we collect and use information, see our Privacy Policy.

Encryption

Your information is encrypted in transit using industry-standard TLS, and it is encrypted at rest in our database and file storage. Particularly sensitive fields are encrypted at the application level, which adds a further layer of protection beyond storage encryption.

Access controls and isolation

Your family's information is associated with your account and is not accessible to other users. Internal access is limited to what is needed to operate and support the Service, and is protected by authentication controls. We use established authentication for sign-in rather than building our own.

How we handle AI processing

When the Service uses artificial intelligence to analyze your documents or generate guidance, that processing is configured for zero data retention with our AI provider. Your content is used to generate a response for you and is not retained by the AI provider to train its models. We do not use your documents or personal information to train third-party foundation models.

Trusted infrastructure

We build on established providers rather than reinventing core infrastructure, including for authentication, database and storage, hosting, payments, and AI processing. The full list of providers is in the Privacy Policy. Each is used under terms that limit how it may use your information.

Your control over your data

You can export or delete your information at any time from your account settings. Deleting your account removes your family and child records, your documents, and associated stored files, as described in our Privacy Policy.

Payment security

Subscription payments are processed by Stripe, an established payment provider. We do not collect or store your full card number on our systems.

A note on HIPAA

Wayfound is a consumer service, and using it does not create a HIPAA-covered relationship. We are generally not a covered entity or business associate under HIPAA. The health-related information you share is protected by our Privacy Policy and the security practices on this page, rather than by HIPAA. We are transparent about this so you can make an informed choice about what you share.

Reporting a security concern

We welcome reports from security researchers and users. If you believe you have found a vulnerability or have a security concern, please email us at hello@wayfound.us with the details, and please give us a reasonable opportunity to address it before disclosing it publicly. We will not pursue good-faith research that respects user privacy and avoids disrupting the Service.

An honest limitation

No website, application, or method of transmission or storage is completely secure. We work hard to protect your information using the measures described here, but we cannot guarantee absolute security. You also play a part: please use a strong, unique password and keep your login credentials confidential.