Compliance & Governance
Our commitment to responsible AI, data security, and regulatory alignment.
Responsible AI Principles
We adhere to a strict set of principles governing the use of Artificial Intelligence in healthcare compliance. We believe that AI should be a tool for augmentation, not automation of critical decisions.
- Human Sovereignty: A human expert must always make the final decision on any compliance matter.
- Explainability: Every risk flag must include a reference to the specific logic or regulation triggering it.
- Reliability: We optimise for high recall to ensure potential risks are not missed, even if this increases the review load slightly.
- Privacy First: Data privacy is architectural, not an afterthought.
Data Handling & Security
Data Residency
For UK clients, all data processing occurs within UK-based data centres. We ensure that data does not cross borders unless explicitly authorised and necessary for specific features.
Encryption
Data is encrypted at rest using AES-256 and in transit via TLS 1.3. We employ strict key management protocols to ensure data integrity.
Retention Policy
We operate on a "process and discard" model for analysis. Source documents are processed in memory and not permanently stored unless the organisation opts into our archival service.
Access Control
Strict Role-Based Access Control (RBAC) ensures that only authorised personnel within your organisation can view reports or audit logs.
Regulatory Alignment
Our platform is designed to support compliance with key frameworks relevant to UK healthcare and data protection.
UK GDPR & Data Protection Act 2018
Tools to identify personal data (PII) and ensure data minimisation principles.
NHS Digital Data Security Standards
Aligned with the DSP Toolkit requirements for secure data handling.
CQC Fundamental Standards
Supports the 'Well-led' key question by providing robust governance evidence.