WellCalcs is designed around static public pages, controlled admin editing, local JSON data, careful health-content boundaries, and privacy-conscious calculator experiences.
Admin routes require authentication, CSRF protection, and optional two-factor verification.
Admin changes are validated before saving and backed up before replacing live JSON data.
Login, contact, ratings, and admin endpoints can be rate-limited to reduce automated abuse.
Optional personal planning entries are designed to stay on the user device unless the user chooses to export them.
GLP-1 pages are educational and avoid prescription, dosing, purchase, or diagnosis claims.
Public tool pages are indexable while admin, API, and login routes are excluded from search.
If you discover a security concern, please contact us before public disclosure and include enough detail to reproduce the issue.
Contact WellCalcs security