Assistencia Labs

Security and trust

We build KineticFlow, operated by Assistencia Labs, for clinics handling sensitive patient data—so we’d rather show you how the product works than hand you a wall of badges.

We don’t display certifications or attestations we don’t hold. If we earn independent certifications, we’ll publish the evidence and its scope—not a logo. What follows is what’s actually in place today, and what’s on the way.

Explainable by design

Our adherence-risk scoring is not an opaque model. Each patient’s risk score is built from a fixed set of named factors—missed sessions, engagement decay, decline against the patient’s own baseline, rising pain—each with a capped, published weight, and the weights sum to 100. Every flag shows the exact reasons and their contribution, in the caseload risk chips and the pre-visit brief. A clinician—or an auditor—can always see precisely why a patient was surfaced.

We also measure whether our interventions worked: an effectiveness loop tracks which check-in actually re-engaged a patient, so the system’s recommendations are grounded in your clinic’s own outcomes, not a vendor’s assumptions.

How we protect your data

  • Tenant isolation. Every read is scoped to the customer’s clinic at the data layer. A patient in one clinic cannot appear in another clinic’s caseload, search, or reports.
  • Least-privilege access. Clinician, admin, and patient roles are enforced server-side. Patient-facing records only ever expose fields explicitly marked patient-visible—clinical notes stay clinician-only unless you choose otherwise.
  • Auditable clinical records. Case sheets follow a sign → amend trail: a signed record can’t be silently rewritten, and amendments are tracked.
  • Encryption in transit and at rest. Data is encrypted in transit with TLS and encrypted at rest.

AI data processing

AI-native features process the voice, video, images, and text you or your patients submit—to power case-sheet documentation, treatment planning, and patient engagement. Two commitments govern this:

  • A human stays in the loop. AI drafts and surfaces; a therapist approves. Assistive output is never applied to a patient automatically.
  • We test our AI before it ships. AI behavior is checked against defined invariants in our release pipeline, not just reviewed by hand.

Subprocessors. We use a small set of vetted providers to deliver these features—our AI/model provider, WhatsApp/Meta for messaging, and our media hosting provider. Our AI subprocessors do not use your or your patients’ data to train their models. A current subprocessor list is available on request. Retention is defined in your agreement and our Privacy Policy.

WhatsApp reminders

Reminders and check-ins are sent only as pre-approved WhatsApp message templates—never free-form clinical content—and travel over Meta’s WhatsApp infrastructure.

Compliance: today and next

Available today

  • India (DPDP): built India-first, with DPDP obligations in mind.
  • EU & Netherlands: Article 28 data processing agreement available.

Rolling out

  • EEA data residency, where practicable.

See our Privacy Policy for current detail

Shared responsibility

KineticFlow processes patient health data—including special-category data such as pain and rehabilitation records—under your direction, as your processor. You remain the controller: you’re responsible for your own regulatory program and for how you configure staff access and patient notices. We give you the controls; you decide how they’re used.

Not a substitute for clinical judgment

Assistive features support human decision-making. They are not a substitute for professional clinical judgment or for legal and compliance advice.

Report a security issue

Found a vulnerability? We want to hear about it. Please give us a reasonable window to fix before public disclosure.

security@assistencialabs.com

Last updated: 4 July 2026

Privacy Policy · Terms of Service · Contact