Security
How Murph protects your health data.
Murph runs on our servers so you don't have to install anything. Your data is encrypted at rest. When you ask Murph to do something, a short-lived worker decrypts what it needs, does the job, writes the result back encrypted, and shuts down.
Open source · Apache 2.0 · Inspect the code
What we promise
Here's what you can count on.
Security matters only if we don't sell what we protect. Four things we stand by, in plain words.
- We don't sell your data.
- Advertisers, insurers, and data brokers get the same answer: no. You pay us, so we work for you, not them.
- We limit readable processing.
- Your data is encrypted at rest. When you ask Murph to do something, a short-lived worker decrypts what it needs, does the job, writes the result back encrypted, and shuts down.
- Take it out or delete it, any time.
- Export the whole thing as plain files whenever you want. You can ask us to delete hosted copies, subject to the limited retention described in the privacy policy for legal, security, backup, dispute, and service needs.
- Open source. See for yourself.
- Murph's product and runtime code is public. Read it yourself, or hand it to a developer you trust.
How it works
Your data is encrypted and separated by purpose.
Murph separates account records, encrypted data, and short-lived workspaces. Each piece handles what it needs for sign-in, billing, syncing, or running a task.
What's what in the diagram
- Your account
- Your name, email, and login. We use keyed lookup fingerprints instead of raw email for account lookup, and sensitive account fields are encrypted so a database leak is much less useful without the keys.
- The runner
- A short-lived worker that spins up for one task, then disappears when it's done.
- Your files
- Your health records, encrypted at rest. A worker decrypts what it needs for a task, then writes the result back encrypted.
- Encrypted task
- The task we send to the runner. Encrypted before it leaves our database.
- Signed request
- Every message between these services is signed. Fakes get rejected before they touch your data.
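To illustrate the "keyed lookup fingerprints" mentioned under "Your account", here is an added example; it is not Murph's code. It assumes HMAC-SHA256 over a normalized email (the page does not name the construction), and every name in it (`lookup_fingerprint`, `AccountIndex`, `SERVER_KEY`) is hypothetical. It contrasts the keyed fingerprint with a plain hash, which anyone holding a leaked table could recompute to confirm a guessed address.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Assumption: HMAC-SHA256; the page does not specify the actual construction.
def normalize_email(email: str) -> str:
    """Canonical form so 'Ada@Example.com ' and 'ada@example.com' match."""
    return unicodedata.normalize("NFKC", email).strip().casefold()

def lookup_fingerprint(key: bytes, email: str) -> str:
    """Keyed fingerprint stored in the lookup column instead of the raw email."""
    # The purpose prefix keeps this key's output distinct from other uses.
    msg = b"email-lookup:v1\x00" + normalize_email(email).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def unkeyed_fingerprint(email: str) -> str:
    """Plain SHA-256, shown only for contrast: anyone can recompute it."""
    return hashlib.sha256(normalize_email(email).encode("utf-8")).hexdigest()

class AccountIndex:
    """Toy account table keyed by fingerprint; no raw email is stored."""
    def __init__(self, key: bytes):
        self._key = key
        self.rows = {}  # fingerprint -> account id

    def register(self, email: str, account_id: str) -> None:
        self.rows[lookup_fingerprint(self._key, email)] = account_id

    def find(self, email: str):
        return self.rows.get(lookup_fingerprint(self._key, email))

def guess_confirmed(leaked_rows, guess: str, fingerprint_fn) -> bool:
    """Can someone holding only the leaked table confirm a guessed email?"""
    return fingerprint_fn(guess) in leaked_rows

# Constructed sample data, not real accounts.
SERVER_KEY = secrets.token_bytes(32)  # held outside the database
index = AccountIndex(SERVER_KEY)
index.register("Ada@Example.com ", "acct_001")
```

Rotating the lookup key means recomputing every fingerprint from the decrypted email field, which is why a version tag in the prefix is useful.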
Encryption
What we encrypt.
Your data is encrypted at rest. When you ask Murph to do something, a short-lived worker decrypts what it needs, does the job, and discards the workspace. The crypto card below is for technical readers.
For the technical reader
- Method
- AES-256-GCM
- Keys
- Scoped · rotatable
- Storage
- Encrypted at rest
- Lookups
- Scrambled, not raw
Task data
per-task key: Whatever Murph sends to the runner to do a task, plus the files and results it produces.
Account & logins
scoped keys: Phone, email, wallet address, and the IDs we use to sign you in.
Billing & devices
scoped keys: Stripe customer references and the tokens we use to sync your wearables.
Browser copies
one-time key: When your browser needs data to show you something, it gets a trimmed copy locked with a one-time key.
Local Murph · for developers
Or run the whole thing yourself.
If you do not want your Murph vault on Murph-hosted servers, run Murph on your own machine. Local Murph keeps your vault as files on your disk, protected by your operating system and whatever disk encryption you use.
- Storage format
- Plain Markdown + JSONL under a single vault root. Human-readable, grep-able, git-friendly.
- Disk encryption
- Your filesystem's posture. FileVault, LUKS, BitLocker. We do not add another layer below your OS.
- Install
curl -sSL withmurph.ai/install.sh | bash
- Source
- github.com/cobuildwithus/murph · Apache 2.0