How It WorksTry ItFor ClinicsFor PatientsEvidenceFAQ
Book DemoActivate account →Log in

Security & compliance

Built for the standards your IT and Risk teams will ask about.

Emobot is a HIPAA Business Associate to your clinic. The BAA is built into our Terms of Service (Exhibit A) for US clinics, with a parallel DPA for the UK and EU. Privacy is on-device by default — the clinic sees a number, never a recording.

HIPAA-readyGDPR & UK DPAAWS HDS-classAES-256TLS 1.3On-device

HIPAA Business Associate Agreement

Pre-executed via our Terms of Service (Exhibit A) the moment a US clinic onboards. No separate negotiation needed.

Read US Terms (incl. BAA) →

UK / EU DPA & GDPR

A parallel Data Processing Agreement and GDPR-compliant terms for UK and EU clinics, on AWS HDS-class hosting.

Read UK Terms (incl. DPA) →

Privacy-first architecture

Facial analysis runs on-device; voice is processed in a 30-minute ephemeral window then discarded. Only numerical scores are transmitted.

Privacy policy →

On-device processing

Raw video and audio never leave the patient's phone. Zero raw biometric data is stored long-term.

AWS HDS hosting

Hosted on AWS Health Data Storage-certified infrastructure. TLS 1.3 in transit, AES-256 at rest.

Patient-controlled sharing

Patients opt in to share their trend with the clinic and can pause or revoke at any time. The clinic sees a number, not a recording.

What leaves the phone

Like a lab result, not the blood sample.

Four steps, by design, keep raw biometrics on the device and put the patient in control of what the clinic sees.

01

Captured on-device

Facial expression is analysed by an on-device neural network. The raw video buffer is processed locally and discarded — it never leaves the phone.

02

Voice processed ephemerally

Voice audio is held in a 30-minute ephemeral window on our servers for emotion analysis, then discarded. Only the numerical emotion score is retained.

03

Only scores are stored

What persists is a daily depression index and sub-scores — like a lab result, not the blood sample. No audio, video, or raw images.

04

Shared on the patient's terms

The clinic sees the trend only when the patient opts in to share it, for a fixed period the patient controls.

Need a security packet for procurement?

We can share a sub-processor list, pen-test summary, and architecture overview under NDA. Mention it in your briefing and we’ll send it over.

Book a clinic briefing →Request the security packet