Security you can trust

Handling patient data is a privilege we don't take lightly. Our security practices are built for healthcare from the ground up — so you can focus on care, not compliance.

Your data, your control

Patient information is never used to train our AI. We process data solely to support your clinical workflow — nothing more. When you delete it, it's gone for good.

ISO 27001 Accredited

SOC 2 Type 2 Compliant

HIPAA Compliant

GDPR Compliant

UK GDPR Compliant

NHS Data Security Toolkit

APP Compliant (Australia)

Trusted practices for your practice

Patient consent made simple

We provide guidance and template language to help you obtain meaningful patient consent — however your practice prefers to handle it.

Clinician review, always

AI generates summaries; clinicians make decisions. Every output is designed for your review before it touches the patient record.

Access under control

Role-based permissions mean the right people see the right data. Every access is logged and auditable.

How we keep data safe

Secure collection

Patient assessments travel over encrypted connections. Nothing is stored on the patient's device.

Protected in transit

TLS 1.3 encryption protects all data moving between systems.

Isolated processing

AI processing occurs in secure, sandboxed environments with de-identification applied where possible.

Regional storage

Data stays where it belongs. UK data in the UK, EU data in the EU, US data in the US — always in certified facilities.

Full transparency

Export, audit, or delete anytime. You have complete visibility into who accessed what and when.

Security FAQs

Assessment responses, clinical summaries, and access logs. We never record audio or video. All stored data is encrypted at rest and associated with your organization's data retention policy.

Questions about security?

Our team is happy to walk through our security practices in detail.

Get in touch