MFA and security features

Your Data, Locked Down: MFA & Security

Your mental health data is among the most sensitive information you have.

Worress treats it that way.

Multi-Factor Authentication (MFA)

Authentication Methods:

  • SMS code (text message)
  • Authenticator app (TOTP)
  • Email verification
  • Biometric (on supported devices)

How It Works:

  1. Enter password
  2. Receive code via chosen method
  3. Enter code to access account

Even if someone steals your password, they can't access your account without your second factor.

Encryption Everywhere

Data at Rest:

  • AES-256 encryption for stored data
  • Encrypted database
  • Encrypted file storage
  • Encrypted backups

Data in Transit:

  • TLS 1.3 for all connections
  • Certificate pinning
  • No unencrypted transmission

Your data is encrypted whether it's stored on servers or traveling across the internet.

Session-Based Authentication

Composite Token Scoping:

  • Separate tokens for different actions
  • Limited-scope permissions
  • Automatic expiration
  • Secure session management

Session Features:

  • Auto-logout after inactivity
  • Device management (see all logged-in devices)
  • Remote logout (sign out other devices)
  • Session activity audit

Audit Logging

What's Logged:

  • Login attempts (successful and failed)
  • Password changes
  • MFA setup/changes
  • Data exports
  • Account deletions
  • Admin actions (enterprise)

Why It Matters:

  • Detect unauthorized access
  • Track suspicious activity
  • Compliance requirements
  • Forensics if a breach occurs

Content Moderation & Safety

Input Validation:

  • Zod schema validation for all inputs
  • Prevents injection attacks
  • Sanitizes user-generated content

Output Sanitization:

  • DOMPurify for blog content
  • Markdown rendering with whitelist
  • XSS protection

Enterprise Security Features

For Organizations:

  • SSO/SAML integration
  • SCIM provisioning
  • IP allowlisting
  • Custom security policies
  • SOC 2 compliance
  • HIPAA-ready architecture
  • Business Associate Agreement (BAA)

Privacy Controls

You Control:

  • Who sees your data (private by default)
  • What gets shared (opt-in only)
  • Export your data anytime
  • Delete your account and all data

Worress Never:

  • Sells your data
  • Shares your data with third parties without consent
  • Uses your problems for advertising
  • Trains AI on your personal data without permission

Security Score: 95/100

Worress has been independently assessed and given a security score of 95/100. The assessment included:

  • ✅ HTTPS everywhere
  • ✅ Secure headers (CSP, HSTS, etc.)
  • ✅ MFA available
  • ✅ Encryption at rest
  • ✅ Audit logging
  • ✅ Input validation
  • ✅ Session security
  • ✅ Regular security updates

Anonymous Usage Option

5-Problem Free Tier:

For those who want to try Worress without creating an account:

  • Use 5 problems without signup
  • No personal data required
  • Stored locally in browser
  • Option to create account later and migrate

Full anonymity for cautious new users.

Secure Your Mental Health Data - Enterprise-grade security for personal wellbeing.