Encryption
Rich message HTML (the formatted body shown in channels) is encrypted at rest with AES-256-GCM, per-message IV, server-side. The encryption key is stored in the platform's configuration; without it the encrypted blobs are unreadable.
What's NOT encrypted
Heads up: A flattened plain-text copy of each message (content_plain) is stored unencrypted alongside the encrypted HTML. This is what powers the full-text search (encrypted blobs can't be indexed). If you need to keep certain content out of the search index, redact it from the plain-text body or don't send it via the inbox.
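The sketch below is an added illustration of the storage model described in the two sections above; it is not Carerealm's code. The column name content_html_enc, the iv|tag|ciphertext blob layout, the 96-bit IV size and the tag-stripping step are assumptions. Only content_plain, AES-256-GCM and the per-message IV come from this page.

```javascript
// Added illustration; not Carerealm's code. Names other than content_plain
// and the iv|tag|ciphertext blob layout are assumptions.
const crypto = require('crypto');

// Constructed 256-bit key standing in for the key held in platform configuration.
const KEY = crypto.randomBytes(32);

// Encrypt the rich HTML body with AES-256-GCM under a fresh 96-bit IV per message.
function encryptHtml(html, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(html, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

// Decrypt; throws if the key is wrong or the blob was modified.
function decryptHtml(blob, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Crude tag stripper standing in for the platform's flattening step (assumed).
function flatten(html) {
  return html.replace(/<[^>]*>/g, ' ').replace(/\s+/g, ' ').trim();
}

// Build a row as described: encrypted HTML plus the unencrypted content_plain copy.
function storeMessage(html, key) {
  return { content_html_enc: encryptHtml(html, key), content_plain: flatten(html) };
}

// Full-text search never touches the key: it reads content_plain directly.
function search(rows, term) {
  const t = term.toLowerCase();
  return rows.filter((r) => r.content_plain.toLowerCase().includes(t));
}

// Constructed sample messages.
const SAMPLE_HTML = '<p>Room <b>12</b> door code is 4471</p>';
const rows = [
  storeMessage(SAMPLE_HTML, KEY),
  storeMessage('<p>Rota for next week attached</p>', KEY),
];
```

Anyone with read access to the rows can match "door code" through content_plain without the key, which is why sensitive text has to be redacted from the plain-text body rather than relying on the encrypted HTML column.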
Access control
Within a channel — only members can read.
Realm scope — every query is filtered by realm. Messages can't cross realms.
Realm admins have access to every channel for audit and break-glass. This is by design and necessary for compliance.
Carerealm super-admins can technically access any realm's data for support. We don't do this routinely; for time-limited support access, contact [email protected].
Transport security
All traffic between your browser and Carerealm is TLS. Mobile apps use HTTPS. No plain-text transport.
When messages are deleted
Soft-deleted messages keep their row but with the content nulled. Hard deletion (GDPR erasure) is a super-admin action — contact [email protected].