Security & Clinical Integrity
PsychDraft was designed from the ground up for privacy-sensitive neuropsychological documentation. We prioritize clinician control, secure cloud infrastructure, limited data retention, and HIPAA-supportive workflows.
3-page PDF • Version 1.0 • Last updated June 2026
Clinical information submitted to PsychDraft is processed only to generate your requested documentation and is not used to train foundation AI models.
At a Glance
How Clinical Data Moves Through PsychDraft
Where does my clinical data go? We operate with absolute transparency about how information is transmitted, processed, and cleared.
Clinician
Encrypted Connection
Secure AI Processing
Draft Returned
Session Ends
Clinician initiates session and enters observation notes or clinical parameters.
Encrypted browser connection (TLS 1.3) protects clinical data during transmission.
AI processing runs under an active AWS BAA, using secure, private execution environments.
Structured clinical draft language is returned directly to the clinician's workspace.
Temporary workflow context is cleared from servers and memory is wiped.
Data is encrypted during transmission using secure TLS protocols, establishing a secure connection directly between the clinician's browser and our AWS deployment.
Processing occurs only to generate the requested clinical draft, operating on a temporary memory execution framework that avoids persistence.
Clinicians retain sole responsibility for reviewing, editing, interpreting, and approving final documentation. PsychDraft is an assistant, not an independent evaluator.
Workflows are designed to minimize data retention, ensuring that clinical inputs and temporary context do not persist on servers once processing finishes.
How We Protect Your Clinical Data
Clinically grounded technology demands rigorous data protection rules. We operate under strict transparency.
Encryption
- TLS 1.3 encryption during all transmission
- Encrypted cloud infrastructure and network layers
- Industry-standard AES-256 encryption at rest
Business Associate Agreements
- AWS Bedrock operates under an active BAA
- Built entirely on HIPAA-eligible infrastructure
- Enterprise documentation available upon request
AI Privacy
- Clinical information is processed only to generate requested drafts
- Data is not used to train foundation AI models
- Clinicians remain in control of all documentation
Data Retention
- Architecture designed to minimize unnecessary storage
- Temporary workflow context is cleared after sessions
- Saved reports require explicit clinician action (where applicable)
Infrastructure & Service Providers
To maintain complete transparency for IT departments and compliance officers, here is the list of third-party infrastructure providers used by PsychDraft.
| Component | Provider |
|---|---|
| AI Processing | AWS Bedrock |
| Application Hosting | Vercel |
| Authentication | Supabase |
| Payments | Stripe |
| Email Communications | MailerLite |
Security FAQ
Clear, factual answers regarding data handling, system boundaries, and organizational setups.
Our Clinical AI Principles
Our platform is built to align with professional ethics, clinical boundaries, and standard psychology practices.
Clinician Directed
PsychDraft assists documentation but does not replace clinical judgment. Clinicians remain responsible for interpretation, diagnosis, recommendations, and final report approval.
Transparent
PsychDraft generates drafts from clinician-provided information rather than independently making clinical decisions.
Privacy First
The platform is designed to minimize data retention and limit processing to what is necessary for the requested workflow.
Built for Neuropsychology
PsychDraft was designed specifically around neuropsychological documentation workflows rather than adapting a generic AI writing assistant.
Need Security Documentation?
If your organization requires additional privacy, security, or Business Associate Agreement documentation, we’re happy to discuss your workflow and compliance requirements.
Security & Privacy Overview, Version 1.0 — updated June 2026