Privacy & Security at the Core

Before any text reaches an AI model, client and guardian names, phone numbers, and emails are replaced with reversible placeholders. The model only ever processes de-identified text; full names are restored in the response only for you.

Every time a client record is viewed, created, edited, or deleted, an append-only entry is written to your audit log — with the action, record, time, and source IP. The log can be read but never altered from the app.

Every clinical record is scoped to the therapist who owns it. Each account's clients, sessions, notes, and finances are queried only within that account — practitioners never see each other's data.

Because redaction happens before the request leaves the platform, the AI provider receives no raw patient identifiers in the first place — independent of any provider-side data-retention policy.

HTTPS/TLS in transit and encrypted database storage at rest are configured at deployment. They depend on the hosting environment and are not yet guaranteed on every install.

The platform is being built toward U.S. HIPAA and Canadian PIPEDA controls (encryption, audit trails, access controls). Formal compliance also requires organizational measures and signed agreements with providers, which are in progress — not yet certified.