PANDAS Tracker Security Advisory: Secure-by-Design vs. Data Privacy Risks in Pediatric Health Apps
A security analysis comparing PANDAS Tracker's privacy-first architecture against common data risks in consumer health applications.
The data risk landscape for pediatric health apps
Many consumer health apps monetize user data through advertising partnerships, data licensing to pharmaceutical companies, or data broker relationships. For apps handling children's behavioral health records — OCD, tics, psychiatric medications, and infection histories — this is an unacceptable risk. "De-identified" data can be re-identified, and a rare diagnosis combined with a child's age and a locality is often enough to do it. Data sold to brokers reaches insurers, employers, and advertisers.
PANDAS Tracker's secure-by-design architecture
PANDAS Tracker is built with zero advertising SDKs, no data broker relationships, AES-256 encryption at rest, TLS 1.3 in transit, Firebase Security Rules enforcing family-only data access, and a BAA with Google Cloud (Firebase). A BAA covers only the Google services listed as HIPAA-eligible, so anyone verifying this claim should confirm that every Firebase service the app touches is on that list. The founder's background in cybersecurity and privacy law is reflected in the architecture — not as aspirational language, but as implemented controls.
Key security controls
- AES-256 encryption at rest (Firestore's default Google-managed server-side encryption)
- TLS 1.3 for all data in transit
- Firebase Security Rules: server-side access control evaluated on every read and write, including requests made directly through the Firebase SDK that bypass app code
- Business Associate Agreement (BAA) with Google Cloud Platform
- No advertising or third-party analytics SDKs, so no embedded code path sends user data to outside parties
- Data minimization: only collect what is needed
- Audit logging of all data access (note for verifiers: Google Cloud's Data Access audit logs are off by default for Firestore and must be explicitly enabled; Admin Activity logs alone do not record reads and writes)
- 72-hour breach notification commitment, stricter than the 60-day outer limit in the HIPAA Breach Notification Rule
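The "family-only data access" and "data minimization" controls above are what Firebase Security Rules can actually enforce, so here is an added example of what such a rule set looks like. This is illustrative code written for this advisory, not PANDAS Tracker's own rules; the collection layout (families/{familyId}, a members subcollection keyed by user ID, and an entries subcollection for daily logs) and the field names are assumptions. The commented-out block at the top is the weak pattern commonly seen in the wild, shown for contrast.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (do not ship): any signed-in user can read and write every
    // family's records, because "authenticated" is not "authorized".
    // match /families/{familyId}/{document=**} {
    //   allow read, write: if request.auth != null;
    // }

    function signedIn() {
      return request.auth != null
        && request.auth.token.email_verified == true;
    }

    // Assumed layout: one document per user under families/{id}/members.
    function isFamilyMember(familyId) {
      return signedIn()
        && exists(/databases/$(database)/documents/families/$(familyId)/members/$(request.auth.uid));
    }

    // The family creator manages membership; createdBy is immutable below.
    function isFamilyOwner(familyId) {
      return signedIn()
        && get(/databases/$(database)/documents/families/$(familyId)).data.createdBy == request.auth.uid;
    }

    match /families/{familyId} {
      allow read: if isFamilyMember(familyId);
      allow create: if signedIn()
        && request.resource.data.createdBy == request.auth.uid;
      allow update: if isFamilyMember(familyId)
        && request.resource.data.createdBy == resource.data.createdBy;
      allow delete: if false;

      match /members/{uid} {
        allow read: if isFamilyMember(familyId);
        // Owner-only so the creator can add themselves right after create.
        allow write: if isFamilyOwner(familyId);
      }

      match /entries/{entryId} {
        allow read: if isFamilyMember(familyId);
        // hasOnly() enforces data minimization at the write boundary:
        // a client cannot smuggle extra fields into a health record.
        allow create: if isFamilyMember(familyId)
          && request.resource.data.keys().hasOnly(
               ['date', 'symptoms', 'medications', 'notes', 'authorUid'])
          && request.resource.data.authorUid == request.auth.uid;
        allow update, delete: if isFamilyMember(familyId)
          && resource.data.authorUid == request.auth.uid;
      }
    }
    // No catch-all match: every other path is denied by default.
  }
}
```

Two design points worth checking in any real rule set of this shape: there is no wildcard rule granting access to merely authenticated users, and membership is looked up server-side with exists() rather than trusted from a field the client sends. The exists()/get() calls count against Firestore's per-request document-read limit for rules, which is why membership is a single lookup rather than a chain of them.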
Contact
Security concerns or disclosures: security@spmadvisors.net