Security and trust
We build KineticFlow, operated by Assistencia Labs, for clinics handling sensitive patient data—so we’d rather show you how the product works than hand you a wall of badges.
We don’t display certifications or attestations we don’t hold. If we earn independent certifications, we’ll publish the evidence and its scope—not a logo. What follows is what’s actually in place today, and what’s on the way.
Explainable by design
Our adherence-risk scoring is not an opaque model. Each patient’s risk score is built from a fixed set of named factors—missed sessions, engagement decay, decline against the patient’s own baseline, rising pain—each with a capped, published weight, and the weights sum to 100. Every flag shows the exact reasons and their contribution, in the caseload risk chips and the pre-visit brief. A clinician—or an auditor—can always see precisely why a patient was surfaced.
We also measure whether our interventions worked: an effectiveness loop tracks which check-in actually re-engaged a patient, so the system’s recommendations are grounded in your clinic’s own outcomes, not a vendor’s assumptions.
How we protect your data
- Tenant isolation. Every read is scoped to the customer’s clinic at the data layer. A patient in one clinic cannot appear in another clinic’s caseload, search, or reports.
- Least-privilege access. Clinician, admin, and patient roles are enforced server-side. Patient-facing records only ever expose fields explicitly marked patient-visible—clinical notes stay clinician-only unless you choose otherwise.
- Auditable clinical records. Case sheets follow a sign → amend trail: a signed record can’t be silently rewritten, and amendments are tracked.
- Encryption in transit and at rest. Data is encrypted in transit with TLS and encrypted at rest.
AI data processing
AI-native features process the voice, video, images, and text you or your patients submit—to power case-sheet documentation, treatment planning, and patient engagement. Two commitments govern this:
- A human stays in the loop. AI drafts and surfaces; a therapist approves. Assistive output is never applied to a patient automatically.
- We test our AI before it ships. AI behavior is checked against defined invariants in our release pipeline, not just reviewed by hand.
Subprocessors. We use a small set of vetted providers to deliver these features—our AI/model provider, WhatsApp/Meta for messaging, and our media hosting provider. Our AI subprocessors do not use your or your patients’ data to train their models. A current subprocessor list is available on request. Retention is defined in your agreement and our Privacy Policy.
WhatsApp reminders
Reminders and check-ins are sent only as pre-approved WhatsApp message templates—never free-form clinical content—and travel over Meta’s WhatsApp infrastructure.
Compliance: today and next
Available today
- EU & Netherlands: Article 28 data processing agreement available, with processing under the GDPR and applicable member-state law.
- India (DPDP): built India-first, with DPDP obligations in mind.
Rolling out
- EEA data residency, where practicable.
Shared responsibility
KineticFlow processes patient health data—including special-category data such as pain and rehabilitation records—under your direction, as your processor. You remain the controller: you’re responsible for your own regulatory program and for how you configure staff access and patient notices. We give you the controls; you decide how they’re used.
Not a substitute for clinical judgment
Assistive features support human decision-making. They are not a substitute for professional clinical judgment or for legal and compliance advice.
Report a security issue
Found a vulnerability? We want to hear about it. Please give us a reasonable window to fix before public disclosure.
Last updated: 4 July 2026