Mittblod.se is a private, encrypted health data pipeline developed by Cessan Lean and Agile Coaching AB (org. nr. 559103-8699), a company registered in Sweden. The service is hosted and operated on servers located within the European Union provided by an ISO 27001 certified supplier. Throughout this document, "we", "us", and "our" refer to Cessan Lean and Agile Coaching AB.
1. Our Zero-Knowledge Architecture
Mittblod is built on a zero-knowledge architecture. This means your health data is encrypted on your own device before it ever reaches our servers. We store only encrypted data that we are technically unable to decrypt or read.
What we can see (unencrypted):
Your anonymised username (randomly generated, contains no personal information)
Timestamps of when data was created or modified
Total storage size used
What we cannot see (encrypted and unreadable to us):
Health biomarker data
Medications, supplements, and allergies
Family medical history
Journal entries
Lifestyle questionnaire responses
Test results and dates
All personally identifying information you may have entered
In practice, this means we cannot:
Read, analyse, or share your health data
Sell your health data
Meaningfully respond to third-party data requests about your health
Recover your data if you lose your encryption key
You control:
Your encryption keys (stored locally in your browser)
Who can decrypt your data (only you, by default)
What data you share via the doctor portal
When to export or delete your data
2. How Encryption Works
When you enter health data, your browser encrypts it locally before sending anything to our servers. The process works as follows:
You enter plain-text health data on your device
Your browser encrypts it using AES-256-GCM with a random IV per operation
Your encryption key is derived from your password using PBKDF2-SHA256 (100,000 iterations)
Only the encrypted blob is transmitted over HTTPS/TLS and stored on our servers
When you retrieve data, the encrypted blob is sent back to your browser, where it is decrypted locally using your key
Zero-Knowledge Architecture: We never see the decryption keys. Your encryption key is derived from your password using PBKDF2, wrapped with session-specific encryption, and stored only in your browser's sessionStorage (cleared when tab closes).
Technical Summary:
Encryption: AES-256-GCM with random IV per operation
Key Derivation: PBKDF2-SHA256 with 100,000 iterations
Key Storage: Wrapped with session-specific encryption in sessionStorage (cleared when tab closes)
Transport: HTTPS/TLS for all connections
Server Storage: Only encrypted blobs + metadata (no keys)
3. What We Can & Cannot See
Data type: Visible to us?
Anonymised username: Yes
Account creation date: Yes
Last login timestamp: Yes
Total storage used: Yes
Number of encrypted records: Yes
Your actual health values: No
What biomarkers you track: No
Medical conditions or diagnoses: No
Medications you take: No
Any content of your data: No
4. Data Storage
Your encrypted data is stored on EU-based servers (One.com VPS, Sweden). Infrastructure is GDPR-compliant, encrypted at rest and in transit, and subject to regular security audits.
We store:
Encrypted blobs of your health data (unreadable to us)
Your anonymised username
Metadata (timestamps, data size)
Session tokens for authentication
5. AI Integration (Optional)
All AI features are entirely optional. Core functionality works without them.
When you use AI features:
You provide your own API key from a provider such as Anthropic or OpenAI
Your decrypted data is sent directly from your browser to that AI provider — it does not pass through our servers
Any AI-generated response is re-encrypted by your browser before being stored in our database
Each AI provider operates under its own terms of service and privacy policy, which you are responsible for reviewing
We do not receive, store, or process the data you send to AI providers.
6. Doctor Portal Sharing (Optional)
Sharing via the doctor portal is always explicit and under your control:
You choose exactly what data to share
Your browser decrypts the selected data and re-encrypts it with a temporary key for the recipient
We facilitate the transfer but cannot read the data at any point
You can revoke access instantly
An audit log is maintained (encrypted to us, visible to you)
7. Account Recovery
Critical Information:
During registration you will receive a recovery phrase. This is critical — store it securely offline (printed copy or password manager).
We do not store your recovery phrase
If you lose your recovery phrase and lose browser access, your data becomes permanently unrecoverable
We cannot decrypt it, recover it, or migrate it on your behalf
This is by design — it is proof that we cannot access your data
If you lose access:
Your encrypted data remains on our servers
We cannot decrypt it
We cannot recover your account
The data becomes permanently inaccessible
We believe true privacy is worth this trade-off.
8. Legal Requests
If authorities request your health data, we can only provide encrypted blobs and basic metadata. We cannot decrypt your data or provide meaningful health information. We will notify you of any such request unless we are legally prohibited from doing so. You hold the only decryption keys.
9. Data Retention
While your account is active:
Encrypted data is stored indefinitely
You can export your data at any time
You can delete your data at any time
After account deletion:
All encrypted data is permanently deleted within 30 days
Server logs are deleted within 30 days
Deletion is irreversible
We may retain anonymised aggregate usage statistics (e.g. number of signups per month) that contain no personal or health data
10. Your Rights (GDPR)
As a user based in or covered by EU data protection law, you have the following rights:
Right to access — Download your data via your profile
Right to deletion — Permanent deletion via your profile
Right to portability — Export in standard formats
Right to rectification — You control all data entries directly
Right to restriction — Delete data or choose not to enter it
Right to object — Close your account at any time
Because we cannot read your data, we are unable to correct or modify it on your behalf — you have full and direct control over all content.
11. Cookies & Local Storage
We use only what is essential:
Authentication tokens (to keep you logged in)
Encryption keys (stored in your browser only, never sent to our servers)
User preferences
We use no tracking cookies and no advertising cookies. Basic product analytics are collected via Google Analytics.
12. Security Measures
AES-256-GCM encryption for all health data
HTTPS/TLS for all connections
Encrypted database storage
Regular security audits
Minimal attack surface — we cannot be compelled to reveal data we do not hold
13. Breach Notification
In the event of a data breach, your health data remains encrypted. Attackers cannot decrypt it without your keys. The worst-case scenario is exposure of encrypted blobs, which are computationally useless without the keys that only you hold. We will notify affected users in accordance with GDPR obligations.
14. International Transfers
Data is hosted in the EU (Sweden). If you use optional AI features, data is transmitted from your browser directly to your chosen AI provider (Anthropic or OpenAI). You control when this happens and can choose not to use AI features at any time.
15. Changes to This Policy
Material changes will be announced and previous versions archived. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.