Security & Clinical Integrity
We understand the sensitivity of clinical documentation. Our architecture is designed to minimize risk through encryption, limited data retention, and de-identified workflows.
Read our Clinical Documentation Guide →Secure Cloud Infrastructure
AI requests are processed through secure AWS services designed for data privacy. We use API-based providers that do not use customer inputs for model training under their published data usage policies.
Encryption Everywhere
Data is encrypted in transit using TLS protocols and encrypted at rest through our infrastructure providers.
Stateless Architecture
PsychDraft is designed to minimize long-term storage of drafting inputs. Session context is not retained beyond active use unless explicitly saved by the user. Temporary context is cleared when sessions close.
Compliance & Responsibility
HIPAA & PHI: PsychDraft is a drafting assistance tool and is not a HIPAA-covered entity. PsychDraft does not currently provide a Business Associate Agreement (BAA). Users are responsible for compliance with applicable privacy regulations. We strongly recommend avoiding the entry of direct identifiers such as full names, dates of birth, medical record numbers, or other protected health information.
Not a Medical Device: PsychDraft generates assistive language only. It does not perform psychological testing, diagnostic evaluation, or clinical decision-making. All outputs must be reviewed and edited by a licensed clinician before use.
PsychDraft relies on secure, HIPAA-eligible infrastructure providers including Supabase (database hosting), Vercel (application hosting), Stripe (billing), and AWS (AI processing and cloud infrastructure). Each provider maintains its own security and compliance documentation.
Questions about compliance or data handling? Contact support@psychdraft.com