Brain data is the most sensitive data a person owns. We treat it that way.
Concussion, TBI, psychiatric, and suicide-risk data sit under heightened privacy frameworks. Our architecture is designed to meet them, not skirt them.
What we will & will not do.
Privacy by architecture
On-device inference where possible. Federated learning for model improvement. Subject data never leaves the device in identifiable form for marketing, analytics, or commercial use.
HIPAA-aligned practices
Administrative, physical, and technical safeguards designed to align with HIPAA requirements. Formal compliance pathway is part of the regulatory roadmap, not yet certified.
Encryption end to end
AES-256 at rest. TLS 1.2 or higher in transit. Health and behavioral data are never stored or transmitted in plaintext.
Role-scoped access
Authorized clinicians, researchers, or program operators see only the records their role and program permit. Permissions are scoped, audited, and revocable.
Subject data ownership
Subjects and their authorized guardians retain ownership of their data. Full deletion requests are honored within thirty days, across primary stores and backups.
No data sale, ever
We do not sell, rent, license, or share health or behavioral data with advertisers, data brokers, or any third party for commercial use. There is no fine print to this.
We design against the framework that applies to each deployment. Frameworks listed are those informing current architecture and planned international expansion.