
Security by design.
From the first bit to the backup.

How we protect the data you entrust to us. Every layer of the infrastructure, explained clearly — authentication, transmission, isolation, device, storage.

Version 1.0. Last updated: June 2, 2026. Informational document.

  • 24/7: continuous monitoring
  • TLS: industry-standard encryption
  • 🇪🇺: primary servers in the EU
Section 01 — In summary

Ten layers of security, stacked.

Security isn't a single measure: it's a set of independent layers that reinforce each other. If one fails, the others keep protecting. Here's what we've built.

  • Authentication: Firebase Auth with email, Google, Facebook, Apple + OTP
  • API tokens: HMAC-SHA256 signed JWTs, 30-day expiration
  • Transmission: HTTPS / modern TLS end-to-end on all traffic
  • Data isolation: each user sees only their own data. Ownership check.
  • Database: PDO prepared statements against SQL injection
  • Device: unlock with Face ID, Touch ID or local PIN
  • File upload: format whitelist, max 10 MB, randomized filenames
  • Deletion: complete and transactional account deletion
  • NFC tags: URL only on the tag, no personal data
  • Isolated environments: development and production fully separated
Section 02 — Identity

Who are you? We verify it carefully.

Authentication is the first gate. That's why we didn't build it in-house: we use Firebase Authentication, Google's platform that handles billions of logins daily and defines industry standards.

  • Four ways to sign in: email + password, Google, Facebook, Sign in with Apple
  • Email verification via OTP, 6 digits, expires in 10 minutes, single-use
  • Passwords never in clear text: hashed with bcrypt + salt, managed only by Firebase
  • Limited Login for Facebook on iOS to reduce shared data
Authentication flow
  1. Enter email or social provider
  2. Receive OTP via email: 6 digits, valid 10 minutes
  3. Firebase verifies: bcrypt password + salt
  4. JWT token issued: HMAC-SHA256, 30 days

End-to-end encryption
  Mobile app (user request) → 🔒 HTTPS / TLS — encrypted → Oralsnap server (HTTPS, token validation) → 🔒 HTTPS / TLS — encrypted → EU database (prepared statements)
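The last step of the flow, the server-issued Bearer token, as an added example that is not Oralsnap's own code: a JWT signed with HMAC-SHA256 whose `exp` claim enforces the 30-day lifetime described on the page. The claim names, the key source and the demo secret are assumptions.

```php
<?php
// Added example, not Oralsnap's own code: issues and verifies a Bearer token of the kind
// the page describes (JWT signed with HMAC-SHA256, expiring after 30 days).
// Claim names and the demo secret are assumptions.
declare(strict_types=1);

const JWT_TTL_SECONDS = 30 * 24 * 3600;   // 30 days, as stated on the page

function base64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string|false {
    $pad = strlen($data) % 4;
    if ($pad) { $data .= str_repeat('=', 4 - $pad); }
    return base64_decode(strtr($data, '-_', '+/'), true);
}

// Issue a token for a user id; the 'exp' claim is what makes the 30-day limit enforceable.
function issue_jwt(int $userId, string $secret, int $now): string {
    $header  = base64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = base64url_encode(json_encode(['sub' => $userId, 'iat' => $now, 'exp' => $now + JWT_TTL_SECONDS]));
    $sig = base64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Returns the user id, or null on bad format, wrong alg, tampered signature or expiry.
// The MAC is checked (in constant time) before any claim is trusted.
function verify_jwt(string $token, string $secret, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 3) { return null; }
    [$h, $p, $s] = $parts;
    $given = base64url_decode($s);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) { return null; }
    $header = json_decode((string) base64url_decode($h), true);
    if (($header['alg'] ?? null) !== 'HS256') { return null; }   // reject "none" and other algs
    $claims = json_decode((string) base64url_decode($p), true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['sub'])) { return null; }
    if ((int) $claims['exp'] <= $now) { return null; }           // 30-day window elapsed
    return (int) $claims['sub'];
}

// Demo with a constructed secret; a real key comes from server configuration, never source.
$secret = 'constructed-demo-secret';
$now = time();
$token = issue_jwt(42, $secret, $now);
verify_jwt($token, $secret, $now);                         // valid within the window
verify_jwt($token, $secret, $now + JWT_TTL_SECONDS + 1);   // same token after 30 days: rejected
verify_jwt($token . 'x', $secret, $now);                   // altered signature: rejected
```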
Section 03 — Transmission

Everything in transit, always encrypted.

Every byte traveling between your device and our servers passes through an HTTPS connection with modern TLS. No exceptions, no fallback to HTTP. Man-in-the-middle interceptions don't stand a chance.

  • Mandatory HTTPS on the production domain oralsnap.com
  • RESTful API with strict HTTP methods (GET, POST, PUT, DELETE)
  • CORS headers configured to control cross-origin requests
  • JSON responses with explicit content-types
Section 04 — Data isolation

You see only your data. Period.

Even if someone tried to request another user's data, the server rejects the request at the code level. Every query is anchored to your identifier, verified on each call.

  • Ownership verification on every read, update and delete
  • Attempts to access others' data return 403 Forbidden or 404 Not Found
  • Owner-controlled sharing: only you decide who sees what
  • Shared users have read-only access, never modify or delete
  • Public links can be revoked at any time
Per-resource permissions: patients, images, NFC tags, objects, notes, history.

Server localization
  • Primary backend: Germany. Database and image storage. GDPR.
  • Backup: France. Encrypted copy, regularly rotated. GDPR.
Section 05 — Storage

Where your data ends up.

Oralsnap's primary backend (database and clinical image storage) is hosted on servers in Germany. Backups in France. All within the European Union, under full GDPR protection.

  • MySQL database with UTF-8 encoding and access exclusively via PDO
  • All queries use prepared statements: zero exposure to SQL injection
  • Regular automatic backups, encrypted and stored separately
  • SSL/TLS active on all storage
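The ownership check of Section 04 and the PDO prepared statements of Section 05 together, as an added example that is not Oralsnap's own code. Table and column names are assumptions, and an in-memory SQLite database stands in for MySQL so it runs offline.

```php
<?php
// Added example, not Oralsnap's own code: a patient lookup anchored to the authenticated
// user's id and issued through a PDO prepared statement. Table and column names are assumptions.
declare(strict_types=1);

final class NotFound extends RuntimeException {}   // mapped to HTTP 404 by the API layer
final class Forbidden extends RuntimeException {}  // mapped to HTTP 403

function open_db(): PDO {
    // In-memory SQLite (pdo_sqlite) stands in for the MySQL database so the example runs offline.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $pdo->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO patients VALUES (1, 10, 'constructed patient A'), (2, 20, 'constructed patient B')");
    return $pdo;
}

// Reads are scoped to the caller: the WHERE clause carries both the record id and the
// owner id, so a valid id belonging to someone else looks exactly like a missing one (404).
// Values travel as bound parameters and are never concatenated into the SQL text.
function get_patient(PDO $pdo, int $callerId, int $patientId): array {
    $stmt = $pdo->prepare('SELECT id, owner_id, name FROM patients WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $patientId, ':owner' => $callerId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { throw new NotFound("patient $patientId"); }
    return $row;
}

// Writes check ownership explicitly so a non-owner gets 403 instead of a silent no-op.
function delete_patient(PDO $pdo, int $callerId, int $patientId): void {
    $stmt = $pdo->prepare('SELECT owner_id FROM patients WHERE id = :id');
    $stmt->execute([':id' => $patientId]);
    $ownerId = $stmt->fetchColumn();
    if ($ownerId === false) { throw new NotFound("patient $patientId"); }
    if ((int) $ownerId !== $callerId) { throw new Forbidden("patient $patientId"); }
    $pdo->prepare('DELETE FROM patients WHERE id = :id AND owner_id = :owner')
        ->execute([':id' => $patientId, ':owner' => $callerId]);
}

$pdo = open_db();
get_patient($pdo, 10, 1);                                                    // owner reads own record
try { get_patient($pdo, 10, 2); } catch (NotFound $e) { /* someone else's record: 404 */ }
try { delete_patient($pdo, 10, 2); } catch (Forbidden $e) { /* not the owner: 403 */ }
```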
Section 06 — File upload

No suspicious files on our servers.

Every file you upload is validated before touching the disk. Type, size, name — all checked. Original names are never kept: each file receives a new unique and unpredictable name, preventing path traversal attacks.

  • Allowed formats: jpg, jpeg, png, gif, webp
  • Maximum size: 10 MB per file
  • Randomized names: uniqid + timestamp, never the original name
  • Server-side input validation on all endpoints
  • Emails validated with FILTER_VALIDATE_EMAIL
  • Strict whitelists for specialty, professional roles, and other sensitive fields
Upload pipeline
  upload "patient_photo_mario.jpg"
  validating mime type... ✓ jpeg
  checking file size... ✓ 2.4 MB
  scanning extension... ✓ allowed
  stripping metadata... ✓ done
  generating filename... # original name discarded
  → saved as: "68f3a91c_1748293501.jpg"
  ✓ secure storage on EU server

Local biometric unlock
  Oralsnap is locked. Biometric verification happens on your device. Neither fingerprint nor face ever leaves the smartphone.
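The checks in the upload pipeline above, as an added example that is not Oralsnap's own code: the format whitelist, the 10 MB cap, content sniffing instead of trusting the client's name, and a uniqid + timestamp filename. The storage directory and the constructed 1x1 PNG used as input are assumptions.

```php
<?php
// Added example, not Oralsnap's own code: the upload checks the page lists (format
// whitelist, 10 MB cap, uniqid + timestamp name). The storage path is an assumption.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 10 * 1024 * 1024;
// Extension whitelist from the page, paired with the MIME type the bytes must actually have.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
    'gif' => 'image/gif', 'webp' => 'image/webp',
];

// Validates one upload and returns its randomized target filename, or throws.
// $originalName, $tmpPath and $size come from $_FILES in a real handler; the sniffed
// content decides, the client-supplied name and Content-Type are never trusted.
function validate_upload(string $originalName, string $tmpPath, int $size): string {
    if ($size <= 0 || $size > MAX_UPLOAD_BYTES) {
        throw new InvalidArgumentException('file is empty or exceeds 10 MB');
    }
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new InvalidArgumentException('extension not allowed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);   // from content, not from the name
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new InvalidArgumentException("content is $mime, not $ext");
    }
    if (getimagesize($tmpPath) === false) {                     // must really parse as an image
        throw new InvalidArgumentException('not a decodable image');
    }
    // Original name discarded: uniqid + timestamp carries nothing from the client
    // (no directory parts, no "..", no second extension), so path traversal is moot.
    return uniqid() . '_' . time() . '.' . $ext;
}

function store_upload(string $originalName, string $tmpPath, int $size, string $storageDir): string {
    $name = validate_upload($originalName, $tmpPath, $size);
    if (!move_uploaded_file($tmpPath, rtrim($storageDir, '/') . '/' . $name)) {  // only real HTTP uploads
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Constructed demo: a 1x1 PNG in a temp file stands in for an upload; a traversal-style
// original name is harmless because only its extension is ever used.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
echo validate_upload('../../patient_photo_mario.png', $tmp, filesize($tmp)), PHP_EOL;
```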
Section 07 — Device

The smartphone becomes a safe.

Even if someone gets their hands on your unlocked device, the app won't open without Face ID, Touch ID or local PIN. All verification is handled by the operating system: biometric data never travels to our servers, we don't even receive it.

  • Biometric unlock on every app open, if enabled
  • Uses BiometricPrompt (Android) and LocalAuthentication (iOS)
  • Biometric data never leaves the device
  • Authentication tokens stored with native secure storage
  • Immediate logout clears all local tokens
  • Logout also disconnects Google, Facebook, Apple sessions
Section 08 — NFC Tags

On physical tags, zero personal data.

Even if someone found a lost or stolen NFC tag of yours, they couldn't extract any sensitive information from it. On the tag there's only a URL — no names, no images, no diagnoses. Data security stays on our protected servers.

  • On the NFC tag there's only a URL pointing to the online page
  • No sensitive data written on the physical chip
  • Tags can be reset at any time by the owner
  • Online tags are protected by the same ownership system as patients
  • Slug-based lookup with ownership verification before returning any data
What's written on an NFC tag
  URL: https://oralsnap.com/p/abc12...
  Unique encrypted URL. No name, surname or ID. No clinical images. No therapy notes.

Development & production pipeline
  $ env status
  development: isolated
  production: isolated & locked
  # no shared credentials
  # no shared data
  # no shared keys
  $ audit_log show last
  ✓ all admin actions logged
  ✓ rate limiting active
  ✓ error sanitization on
  ✓ input validation on
Section 09 — Development & Operations

Building, maintaining, monitoring.

Security isn't done "at the end". It starts from how we write code, how we isolate environments, how we handle errors. Here are the practices we apply every day.

  • Development and production fully separated: isolated credentials, databases, configurations
  • Production credentials are never accessible in development
  • Input validation and sanitization of all server-side inputs
  • Emails validated with standard PHP filters
  • Specialties and roles verified against strict whitelists
  • Structured API errors in JSON, without exposing internal details
  • Database exceptions never propagated to the end user
  • Audit log for all critical administrative actions
Section 10 — Deletion

Delete everything. For real.

When you delete your account, we actually delete everything. No hidden data, no "soft delete" that leaves shadows in the databases. The deletion happens in an atomic transaction: it either succeeds completely, or doesn't happen.

  • User profile and credentials deleted
  • All records of patients, objects and tags owned by the user
  • All uploaded images physically removed from disk
  • All shares and associated permissions
  • Firebase authentication record deleted
  • Two-step confirmation to prevent accidental deletions
  • Database transaction to guarantee integrity: all or nothing
Data by data, gone
  × User profile: deleted
  × Patients, objects, tags: deleted
  × Images on disk: physically removed
  × Permissions and shares: revoked
  × Firebase Auth: deleted
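The all-or-nothing deletion described in Section 10, as an added example that is not Oralsnap's own code: every row of the user goes inside one PDO transaction, files are unlinked only after COMMIT, and a failure anywhere before COMMIT rolls everything back. Table names and the Firebase deletion callback are assumptions; in-memory SQLite stands in for MySQL.

```php
<?php
// Added example, not Oralsnap's own code: account deletion as one PDO transaction, as
// the page describes. Table names and the Firebase deletion callback are assumptions.
declare(strict_types=1);

function open_db(): PDO {
    // In-memory SQLite stands in for MySQL so the example runs offline.
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY)');
    $pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, path TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE shares (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
    return $pdo;
}

// Removes every row belonging to $userId inside one transaction, then unlinks the image
// files. Paths are collected before the rows go, and files are only touched after COMMIT,
// so a rollback leaves both the database and the disk exactly as they were.
function delete_account(PDO $pdo, int $userId, callable $deleteFirebaseUser): int {
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare('SELECT path FROM images WHERE owner_id = :u');
        $stmt->execute([':u' => $userId]);
        $paths = $stmt->fetchAll(PDO::FETCH_COLUMN);
        foreach (['shares', 'images'] as $table) {   // fixed list, not user input
            $pdo->prepare("DELETE FROM $table WHERE owner_id = :u")->execute([':u' => $userId]);
        }
        $pdo->prepare('DELETE FROM users WHERE id = :u')->execute([':u' => $userId]);
        // External call before COMMIT: if Firebase refuses, the database rows come back.
        $deleteFirebaseUser($userId);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();                             // all or nothing
        throw $e;
    }
    $removed = 0;
    foreach ($paths as $path) {
        if (is_file($path) && unlink($path)) { $removed++; }
    }
    return $removed;
}

// Constructed demo: one user with one image file on disk and one share.
$pdo = open_db();
$pdo->exec('INSERT INTO users VALUES (7)');
$img = tempnam(sys_get_temp_dir(), 'img');
$pdo->prepare('INSERT INTO images (owner_id, path) VALUES (7, :p)')->execute([':p' => $img]);
$pdo->exec('INSERT INTO shares (owner_id) VALUES (7)');
$removed = delete_account($pdo, 7, fn (int $id) => null);   // stand-in for the Firebase Admin SDK call
```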
Technical summary

All measures, in one view.

A quick summary for those who want the complete picture at a glance. Each entry corresponds to a layer described in detail above.

  • Authentication: Firebase Auth with Google, Facebook, Apple, Email + OTP. Bcrypt + salt for passwords.
  • API security: JWT tokens signed with HMAC-SHA256, valid 30 days, Bearer authentication on every request.
  • Transmission: HTTPS / TLS end-to-end on all production traffic, according to industry standards.
  • Database: MySQL via PDO with prepared statements to prevent SQL injection. Errors not exposed.
  • Localization: primary backend in Germany, backup in France. All in the European Union.
  • Data isolation: each query scoped to the authenticated user's ID. Ownership verification on all operations.
  • Device: optional biometric unlock (Face ID / Touch ID / PIN). Biometric data never transmitted.
  • File upload: type and size validation, randomized filenames (uniqid + timestamp). Max 10 MB.
  • Account deletion: complete deletion in atomic transaction. Double confirmation required.
  • NFC tags: URL only on physical tag. No personal data written on the chip.
  • Environments: development and production fully isolated. Separate credentials, separate databases.
  • Compliance: compliant with GDPR (EU Reg. 2016/679). Right of access and erasure managed in app.
Section 11 — Contact

Responsible disclosure.

If you suspect a security issue, a vulnerability, or simply want to ask us a technical question, write to us. We don't take legal action against those who report in good faith.

Security contact: info@oralsnap.com
For security reports, vulnerability disclosures or technical questions about our infrastructure, write to this address. We respond within reasonable time and treat all submissions confidentially.