CH · Sovereign records · Threat model

Even we can't read them. That's the point.

Your records, encrypted on your device. Granted by you. Revocable by you. Forever.

Read the cryptography Audit our open-source key handling

Encryption

AES-256-GCM

libsodium

Key location

Your device

Never our server

Audit log

Append-only

Tamper-evident

Granular grants

Per-record

Time-bound · revocable

What we defend against

The threats that matter. Modeled honestly.

Insider threat

We cannot read your records. The encryption keys never touch our infrastructure. An employee with database access sees ciphertext only.

Server compromise

If our servers are fully compromised, the attacker gets ciphertext. The encryption keys live on your devices. The chain logs every access attempt, including the failed ones.

Government request

We can produce records only via grant tokens you've issued. We cannot decrypt without your participation. Subpoenas land on your inbox, not ours, by design.

Lost device

Your master key is split across devices and a recovery seed. Loss of one device is recoverable. Loss of all devices plus recovery seed is permanent — we cannot recover what we cannot read.

How grants work

You hold the keys. You write the policy.

Per-record

Grant access to a single lab, a single visit, a single prescription. Not your whole vault.

Time-bound

Every grant has an expiration. Default: 90 days. Override per grant. Auto-revokes.

Revocable

Pull a grant at any time. The chain logs the revocation. The receiving party can no longer decrypt.

The mathematical foundation of Conceptual Health®

CH = (S × Sp)^C × (T + E)^p × (ER × RS)^(C/3)

U.S. Patent Pending 63/921,717

The Ecosystem

Eleven properties. One equation.

🔮 Guardian Orb™ Patient app 🏥 Clinical Provider OS 🔐 Datavault You are here 💊 Pharmacy Adherence-first ⛪ Church of Spirits® Parish clinics 🎓 University Free, forever 📈 HC.exchange Markets ⛓ CH Chain Proof-of-health 📊 Corporate Investors 📡 Social Command center ⚕ Conceptual Health The brand