Security and Compliance

Built to safeguard patient data and support clinical responsibility

Aisel is a GDPR-compliant software platform developed specifically for psychiatric clinics. Security, privacy and compliance are embedded at every level of the system, from infrastructure and design to how patient data is collected, processed and stored.

With separate systems for clinical operations (Aisel Clinic) and Aisel AI, European-only hosting and strict access controls, Aisel provides clinics with the assurance they need to operate safely and confidently in a digital environment.

Get A Demo
Chat therapy

Core Principles of Trust and Safety

Aisel is developed with a clear commitment to clinical-grade data protection.

GDPR-Compliant by Design

  • Full alignment with the General Data Protection Regulation (GDPR)
  • Privacy-by-design and privacy-by-default baked into all platform architecture
  • Data subject rights, access and deletion requests fully supported

Notes

All Data Stays in Europe

  • All patient data is stored and processed exclusively within the EU
  • No cross-border transfers occur without appropriate legal safeguards
Notes

Separation of Data Layers

  • Identifiable patient information and clinical content are processed separately
  • Only minimal personal data (first name and phone number) is used by AI modules
  • Aisel’s dual-system architecture ensures clinical and AI environments are independently secured
Notes

Dual-System Architecture

  • Aisel Clinic manages identifiable patient and clinical data
  • Aisel AI handles AI processing separately, with no access to identifiable data
  • Dedicated subnets, role-based access and encryption protect both environments
Notes

Infrastructure and Hosting

Users - Elements Webflow Library - BRIX Templates

Hosted on Microsoft Azure (EU region only)

Desktop - Elements Webflow Library - BRIX Templates

AES-256 encryption for data at rest

Users - Elements Webflow Library - BRIX Templates

TLS 1.2+ encryption for data in transit

Reports - Elements Webflow Library - BRIX Templates

Role-based access control (RBAC) across all systems

Authentication and Access

  • Two-factor authentication (2FA) via Azure Entra ID (available on request)
  • Session-based access with automatic expiry
  • Optional IP whitelisting and network isolation available for clinic configurations
  • Zero-access design: Aisel staff cannot access patient-identifiable data

Audit and Logging

  • All access and actions are fully logged and traceable
  • Logs can be reviewed for security, clinical governance and compliance purposes

Certifications and Compliance Roadmap

  • Fully GDPR-compliant
  • ISAE 3000 self-certification process in place, supported by ComplyCloud
  • CE Class I Medical Device certification targeted for 2025
GDPR

Patient Protection and Consent

Patient safety and dignity remain central to all AI interactions on the platform.

Informed Consent

  • Explicit patient consent is required before any interaction with Aisel’s AI modules
  • Patients are shown a preview of any AI generated report before it is submitted to a clinician
  • All communications use secure SMS invites with unique, expiring access tokens
Notes

Transparency and Control

  • Patients may request access to their data or request deletion through the clinic at any time
  • Clinics retain full control over patient records and access permissions
Safety

Clinician Control of Records

  • Patient data may be stored for up to 5 years post-treatment, aligned with clinical obligations
  • Clinicians may delete records at any time

Responsible Use of Anonymised Data

  • Anonymised data may be retained for system improvement and academic research
  • No personal or identifiable information is included in anonymised datasets