Privacy & Security

How Your Data Is Protected

Understand how Gender Journey encrypts and secures your personal and medical data.

3 views Updated 1 hour ago

How Your Data Is Protected

Gender Journey takes the security of your personal and medical data seriously. This article explains the measures in place to keep your information safe.

Encryption at Rest

All sensitive data stored in Gender Journey is encrypted using AES-256 encryption — the same standard used by banks and government agencies. This means that even if someone were to access the database directly, they would not be able to read your information without the encryption key.

Encrypted fields include:

  • Legal names and preferred names.
  • Date of birth and addresses.
  • Medical data, hormone details, and blood test results.
  • Surgery information and provider contacts.
  • Voice recording file paths and message content.

Encryption happens automatically at the application level. You do not need to do anything — your data is protected the moment you enter it.

Encryption Keys

Each environment (development, staging, production) uses its own unique encryption key. This means that data from one environment cannot be decrypted in another, adding an extra layer of isolation and security.

Password Security

Your account password is hashed using bcrypt, an industry-standard algorithm designed to be computationally expensive to crack. Gender Journey never stores your password in plain text and cannot retrieve it — only you know your password.

Session and Transport Security

  • All connections use HTTPS (TLS encryption) to protect data in transit.
  • Sessions are encrypted and protected against hijacking.
  • CSRF (Cross-Site Request Forgery) protection is enabled on all forms.
  • Secure, HTTP-only cookies prevent client-side script access to session data.

Brute Force Protection

Gender Journey includes rate limiting on login attempts to prevent brute force attacks. After multiple failed login attempts, your account is temporarily locked to protect against unauthorised access. Failed login attempts are tracked and logged.

Logging Out

You can log out from all devices at once from your account settings. This is useful if you have signed in on a shared computer or believe your session may have been compromised.

Your Rights

Under GDPR and UK data protection law, you have the right to:

  • Access your data at any time.
  • Export a complete copy of your data.
  • Rectify any incorrect information.
  • Delete your account and all associated data.

Visit the Exporting and Deleting Your Data article to learn how to exercise these rights.

Was this article helpful?

Help us improve this article

Thank you for your feedback!

Related Articles

Setting Up Two-Factor Authentication

Step-by-step guide to enabling 2FA, managing backup codes, and using trusted dev...

2 views

Exporting and Deleting Your Data

How to export a complete copy of your data and how to permanently delete your ac...

1 views

End-to-End Encrypted Messaging

Learn how end-to-end encryption protects your private messages and how to manage...

0 views

Still need help?

Can't find what you're looking for? Our support team is here to help.

Back to Privacy & Security Contact Support
GJ

GJ Assistant

Here to help 💜

TGJ

Suggested questions:

This chat is for informational purposes only. Privacy Policy