PsychDraft LogoPsychDraft
Trust Center

Security & Clinical Integrity

PsychDraft was designed from the ground up for privacy-sensitive neuropsychological documentation. We prioritize clinician control, secure cloud infrastructure, limited data retention, and HIPAA-supportive workflows.

Download Security & Privacy Overview

3-page PDF • Version 1.0 • Last updated June 2026

AWS BAA Active
HIPAA-Eligible Infrastructure
Encrypted in Transit & At Rest
Clinician-Controlled Review

Clinical information submitted to PsychDraft is processed only to generate your requested documentation and is not used to train foundation AI models.

At a Glance

AWS Business Associate Agreement active
HIPAA-eligible infrastructure
Encrypted in transit
Encrypted at rest
No foundation model training
Clinician-controlled outputs
Built for neuropsychology workflows

How Clinical Data Moves Through PsychDraft

Where does my clinical data go? We operate with absolute transparency about how information is transmitted, processed, and cleared.

1. Data Input

Clinician

2. In Transit

Encrypted Connection

3. AWS Bedrock

Secure AI Processing

4. To Browser

Draft Returned

5. Zero-Retention

Session Ends

1. Data Input:

Clinician initiates session and enters observation notes or clinical parameters.

2. In Transit:

Encrypted browser connection (TLS 1.3) protects clinical data during transmission.

3. AWS Bedrock:

AI processing runs under an active AWS BAA, using secure, private execution environments.

4. To Browser:

Structured clinical draft language is returned directly to the clinician's workspace.

5. Zero-Retention:

Temporary workflow context is cleared from servers and memory is wiped.

Data is encrypted during transmission using secure TLS protocols, establishing a secure connection directly between the clinician's browser and our AWS deployment.

Processing occurs only to generate the requested clinical draft, operating on a temporary memory execution framework that avoids persistence.

Clinicians retain sole responsibility for reviewing, editing, interpreting, and approving final documentation. PsychDraft is an assistant, not an independent evaluator.

Workflows are designed to minimize data retention, ensuring that clinical inputs and temporary context do not persist on servers once processing finishes.

How We Protect Your Clinical Data

Clinically grounded technology demands rigorous data protection rules. We operate under strict transparency.

Encryption

  • TLS 1.3 encryption during all transmission
  • Encrypted cloud infrastructure and network layers
  • Industry-standard AES-256 encryption at rest

Business Associate Agreements

  • AWS Bedrock operates under an active BAA
  • Built entirely on HIPAA-eligible infrastructure
  • Enterprise documentation available upon request

AI Privacy

  • Clinical information is processed only to generate requested drafts
  • Data is not used to train foundation AI models
  • Clinicians remain in control of all documentation

Data Retention

  • Architecture designed to minimize unnecessary storage
  • Temporary workflow context is cleared after sessions
  • Saved reports require explicit clinician action (where applicable)

Infrastructure & Service Providers

To maintain complete transparency for IT departments and compliance officers, here is the list of third-party infrastructure providers used by PsychDraft.

ComponentProvider
AI ProcessingAWS Bedrock
Application HostingVercel
AuthenticationSupabase
PaymentsStripe
Email CommunicationsMailerLite

Security FAQ

Clear, factual answers regarding data handling, system boundaries, and organizational setups.

Our Clinical AI Principles

Our platform is built to align with professional ethics, clinical boundaries, and standard psychology practices.

Clinician Directed

PsychDraft assists documentation but does not replace clinical judgment. Clinicians remain responsible for interpretation, diagnosis, recommendations, and final report approval.

Transparent

PsychDraft generates drafts from clinician-provided information rather than independently making clinical decisions.

Privacy First

The platform is designed to minimize data retention and limit processing to what is necessary for the requested workflow.

Built for Neuropsychology

PsychDraft was designed specifically around neuropsychological documentation workflows rather than adapting a generic AI writing assistant.

Need Security Documentation?

If your organization requires additional privacy, security, or Business Associate Agreement documentation, we’re happy to discuss your workflow and compliance requirements.

Security & Privacy Overview, Version 1.0 — updated June 2026

PsychDraft is built on HIPAA-eligible AWS cloud infrastructure designed to support privacy-sensitive clinical documentation workflows, including secure AI processing through AWS.

Clinicians retain full responsibility for evaluating appropriate use, obtaining patient consents, and ensuring their final documentation aligns with institutional policies, ethics boards, and applicable state or federal regulations.

This information is provided for general transparency and does not constitute legal or regulatory advice. Organizations are responsible for determining whether PsychDraft is appropriate for their compliance requirements and workflows.

Security Documentation • Version 1.0
Last Updated: June 2026