Security Overview
April 2026 · High-level summary for organizations evaluating CaloriEat
Architecture (This Build)
- Client-only profiles: User-created accounts and logs are persisted with browser APIs, not written to an application database operated by CaloriEat.
- Transport: Serve the site over HTTPS on your host (e.g., GitHub Pages with HTTPS) so content is encrypted in transit.
- Dependencies: Chart.js and fonts may load from CDNs; review your Content Security Policy (CSP) and consider self-hosting these assets if your policy requires it.
Your Responsibilities
Protect device access, keep your OS and browser up to date, and follow organizational policies for health data if this tool is used in regulated contexts.
Reporting
Security concerns: contact with subject “Security”.