Clinical safety, by design.
How the platform handles patient data, clinical safety risks, and the line between AI assistance and clinical judgment.
What we are, and what we are not.
We are a documentation, planning, and assessment aid. We are not a clinical decision support tool, not a diagnostic device, and not a substitute for a clinician's professional judgment. Every clinical output is reviewed and approved by a licensed clinician before it enters a clinical record.
Healthcare requires a higher standard of trust than general technology. We design for that — in product architecture, in data handling, in clinical safety flagging, and in our public commitments to patients, clinicians, and partners.
Clinician-in-the-loop, on every output.
The platform does not act on patients. It produces drafts, observations, and suggestions that a clinician reviews, edits, approves, or discards before any clinical use.
AI outputs are clearly labeled as AI-generated drafts.
Notes, plans, and assessments require explicit clinician approval before being saved as clinical records.
The platform never publishes outputs to external systems automatically.
Clinicians can edit any AI output freely; their edits — not the AI's draft — are the clinical record.
Risk surfaced for the clinician — never auto-reported.
In contexts where high-risk clinical content may surface — particularly in mental health session work — the platform flags risk categories for clinician attention. The platform never reports automatically and never replaces mandatory-reporting protocols.
Risk categories
Suicidal ideation (passive and active)
Self-harm (current, recent, or historical)
Homicidal ideation or threats to others
Child abuse disclosures (mandatory-reporting trigger in many jurisdictions)
Domestic violence disclosures
Substance abuse crisis signals
Psychotic symptoms (where mentioned in session)
Eating disorder severity markers (medical instability)
- · Severity grade (low / medium / high) with explicit rationale
- · Audio timestamp linking to the source moment
- · Audit log of clinician acknowledgment
Mandatory-reporting protocols are the clinician's professional and legal responsibility. The platform supports the clinician in making timely, informed decisions; it does not make those decisions for them.
Patient consent and data subject rights.
Patients are the data subjects of every clinical interaction the platform processes. Their consent is the foundation of trust.
The deploying clinician or organisation is responsible for obtaining patient consent before recording or processing sessions.
We provide clinician-facing consent guidance aligned with Australian Privacy Principles, the Australian Mental Healthcare Act, and equivalent international frameworks where relevant.
Patients can request deletion of their data through their treating clinician or organisation. Deletion is propagated within 30 days.
Audio retention defaults to 24 hours; longer retention is the clinician's choice and follows their record-keeping obligations.
Patients are not direct customers of the platform. The clinician or organisation is the customer; the patient's relationship is with their clinician.
What we will not do.
Several things we will not do, by design.
We do not suggest diagnoses.
We do not propose specific clinical interventions for future sessions.
We do not generate clinical content the clinician did not actually say, observe, or clearly imply.
We do not auto-report safety concerns to any external party.
We do not sell, share, or use patient data for any purpose beyond operating the platform for the clinician.
We do not train AI models on patient data without explicit, named, opt-in consent.
What happens when the AI is uncertain.
AI gets things wrong. The right response when an AI is uncertain is not to produce a confident-sounding answer; it is to say so.
Where source audio is too noisy, too short, or too non-clinical to assess, the platform reports "this could not be assessed" rather than producing a guess.
Confidence bounds are surfaced where applicable. A low-confidence finding is labeled low-confidence.
Clinicians can audit the source content for any AI observation by clicking through to the timestamped moment in the audio.
We are working on published evaluation frameworks — including independent evaluation against Hewat et al.'s framework for simulation-based learning quality.
Healthcare-grade security, with a roadmap to certification.
Standard healthcare-grade security practices today, with formal certifications on a published roadmap.
Encryption at rest (AES-256) and in transit (TLS 1.3).
Australian-region data residency by default.
Role-based access controls within clinical organisations.
Audit logs for every read, write, edit, export, and deletion.
ISO 27001 implementation in progress; SOC 2 Type II and IRAP on the roadmap.
How to raise a clinical safety concern.
If you believe the platform produced a clinically unsafe output, please tell us. We treat clinical safety incidents with the same seriousness as a medical-device manufacturer would.
Reports are triaged on a documented severity scale with associated response-time targets.
All reports are reviewed by clinical and engineering leadership.
Patients can ask their treating clinician to raise a concern on their behalf. We respect the clinician–patient relationship and will not contact patients directly.