Security Policy

Effective Date: 1/3/2026

At Knit Healthcare, LLC ("Knit", "we", "us", or "our"), protecting your information is a core responsibility. This Security Policy explains, at a high level, the safeguards we use to help protect personal and health information when you use our website, mobile application, and related services (collectively, the "Services").

No system is perfectly secure, but we design Knit with security and privacy in mind from the start.

  1. Our Security Approach

Knit is built as a consumer health data platform. We take a risk-based, stage-appropriate approach to security, applying safeguards that are reasonable and appropriate for our size, maturity, and the sensitivity of the data we handle.

Security practices evolve as the product evolves, and we continuously review and improve our controls.

  2. Data Encryption

We use encryption to help protect information:

  • In transit: Data transmitted between your device and Knit's services is encrypted using industry-standard secure transport protocols.

  • At rest: Data stored in our systems is protected using encryption technologies provided by our cloud infrastructure.

  3. Authentication & Access Control

User Authentication

Knit supports modern authentication methods, including third-party sign-in options (such as Google or Apple) and secure login flows that do not rely on traditional passwords.

Internal Access Controls

  • Access to production systems and user data is limited to authorized personnel only.

  • We follow a least-privilege approach, meaning team members only receive access necessary for their role.

  • Access levels are reviewed as the team grows.

  4. Environment Separation

  • We maintain separate environments for development and production.

  • We avoid using real user health data in development environments, except for limited internal testing by team members.

  • Production data is accessed only when necessary to operate and support the Services.

  5. Infrastructure & Vendors

  • Cloud Hosting: Knit's applications and data infrastructure are hosted on Google Cloud.

  • Website Hosting: Our marketing website is hosted through Framer.

  • Monitoring: We use tools such as Sentry to monitor application errors and crashes.

Vendors are selected based on reliability and security practices appropriate to their role.

  6. Backups & Availability

We rely on cloud-provider-managed backup and availability features to protect against data loss. Backup processes and retention may evolve as the platform matures.

  7. Incident Response

While Knit is still in early stages, we take security concerns seriously.

  • We monitor for signs of potential security issues.

  • If we become aware of a security incident that may affect your information, we will take reasonable steps to investigate and respond.

  • Where appropriate, we will notify affected users and comply with applicable legal requirements.

As the platform grows, we will continue to formalize and strengthen our incident response processes.

  8. Your Role in Security

You also play a role in keeping your information safe. We encourage you to:

  • Keep your account access secure

  • Use trusted devices and networks

  • Notify us promptly if you suspect unauthorized access to your account or a security issue involving the Services

  9. Compliance & Certifications

Knit does not currently hold formal security certifications such as SOC 2, ISO 27001, or HITRUST. We design our systems with recognized security principles in mind and may pursue additional controls or certifications in the future.

  10. Limitations

Despite our efforts, no method of transmission or storage is completely secure. We cannot guarantee absolute security, and use of the Services is at your own risk.

  11. Updates to This Security Policy

We may update this Security Policy from time to time as our practices evolve. Updates will be posted on our website, and continued use of the Services constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about security, or believe you have identified a security issue, please contact us at:

Knit Healthcare, LLC
Email: hello@knithealthcare.com
