Springa processes continuous glucose monitor (CGM) readings, insulin-on-board estimates, and workout/training data for a Type 1 diabetic runner. This data is medical in nature.

• Hosting: Vercel (serverless, no persistent server)
• Database: Turso (libsql), encrypted at rest
• Auth: NextAuth with Google OAuth, restricted to a single-email allowlist
• CGM ingestion: /api/v1/entries endpoint authenticated with CGM_SECRET. Accepts both SHA1-hashed (Strimma, Android CGM app) and plaintext (SugarRun, Garmin watch datafield) forms of the secret.
• Scheduled tasks: Vercel Cron Jobs authenticated with CRON_SECRET

• All secrets stored as Vercel environment variables (never committed to the repo)
• Local development uses .env*.local files, which are gitignored
• No secrets in client-side code or bundle

This is a personal project, but it handles real medical data. If you find a security issue, please email the repository owner directly rather than opening a public issue.