For clinics doing due diligence
Brain data deserves serious protection. Here is exactly how we provide it.
LiberateOS handles EEG-derived data — legally classified as biometric data of special sensitivity under modern biometric-privacy law. We built our privacy architecture before we built the product.

The five commitments
Pseudonymous by design
The LiberateOS cloud never holds a patient's real name, date of birth, or any personal identifier. Your clinic assigns pseudonyms; you hold the mapping locally.
Data stays in a dedicated region
All session data is stored and processed in a single dedicated cloud region. No data leaves the dedicated region to third-party processors.
Encrypted end to end
Data is encrypted in transit (TLS 1.3) and at rest (AES-256 via AWS KMS). Encryption keys are managed per-tenant.
Per-session, revocable consent
Consent is recorded at the session level — not once at intake. A patient can revoke consent for a specific session; the dashboard reflects this immediately.
Full audit logging
Every data access event — who viewed what session, when — is logged to an immutable audit trail. Clinics can request audit logs for their own sessions.
How the privacy architecture works
Pseudonymization (ADR-0021)
The core privacy principle is that the LiberateOS cloud system is structurally incapable of linking brain data to a real person. Your clinic dashboard shows pseudonyms of the form anon_<16 hex characters>. The cloud never receives a real name. Your clinic's own records — which never leave your premises — contain the pseudonym-to-patient mapping. This is a deliberate architectural decision (ADR-0021), not a configuration setting.
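A clinic-side sketch of the split described above, added here as an illustration and not LiberateOS's own code: the mapping stays in a local registry, and an allowlist guard refuses any outbound record that carries more than the pseudonym and session data. The class, function and field names are hypothetical, and minting pseudonyms from random bytes is an assumption; the page states only the anon_ plus 16 hex character format.

```python
import re
import secrets

# Pseudonym shape stated on the page: "anon_" followed by 16 hex characters.
PSEUDONYM_RE = re.compile(r"anon_[0-9a-f]{16}")

# Assumed allowlist of fields a session record may carry to the cloud
# (hypothetical names, loosely based on the data categories the page lists).
CLOUD_FIELDS = {"pseudonym", "session_start", "scenario", "metrics"}


class LocalPseudonymRegistry:
    """Clinic-side mapping; in this sketch it lives only in process memory."""

    def __init__(self):
        self._by_patient = {}    # local patient record id -> pseudonym
        self._by_pseudonym = {}  # pseudonym -> local patient record id

    def pseudonym_for(self, patient_id: str) -> str:
        """Return the stable pseudonym for a patient, minting one if needed."""
        if patient_id in self._by_patient:
            return self._by_patient[patient_id]
        while True:
            # 8 random bytes -> 16 hex chars; random, so not derived from identity.
            candidate = "anon_" + secrets.token_hex(8)
            if candidate not in self._by_pseudonym:
                break
        self._by_patient[patient_id] = candidate
        self._by_pseudonym[candidate] = patient_id
        return candidate

    def resolve(self, pseudonym: str) -> str:
        """Re-identify locally; raises KeyError for an unknown pseudonym."""
        return self._by_pseudonym[pseudonym]


def build_cloud_record(registry, patient_id, session):
    """Build the outbound record, refusing any field outside the allowlist."""
    # A caller-supplied "pseudonym" is rejected too, so it cannot be overridden.
    extra = set(session) - (CLOUD_FIELDS - {"pseudonym"})
    if extra:
        raise ValueError(f"fields not allowed to leave the clinic: {sorted(extra)}")
    record = {"pseudonym": registry.pseudonym_for(patient_id), **session}
    if not PSEUDONYM_RE.fullmatch(record["pseudonym"]):
        raise ValueError("malformed pseudonym")
    return record
```

A real deployment would persist the registry in the clinic's own records system rather than in memory.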
Data residency
Session data — EEG-derived metrics, session timestamps, scenario parameters — is stored in a single dedicated cloud region. We do not use cross-region replication for patient data. The marketing website itself is hosted on Vercel's global CDN (it contains no patient data); only the dashboard and backend run in-region.
Encryption
All communication between the clinic dashboard and the LiberateOS backend uses TLS 1.3. Data at rest uses AES-256 encryption managed through AWS Key Management Service (KMS). Encryption keys are scoped per clinic tenant — one clinic's keys do not decrypt another's data.
Consent model
Consent is captured in the dashboard at the start of each session. The system supports: informed consent recorded (session proceeds), consent withheld (session blocked), and post-session revocation (session data flagged for deletion per your data retention policy). Consent audit records are themselves retained for legal compliance.
Access control
Provider authentication is via AWS Cognito with MFA. Each clinic's Providers can access only their own clinic's data: URL-level tenant scoping is enforced at the API layer, so a clinic cannot navigate to another clinic's sessions. Multi-site Providers have explicit cross-location grants.
Compliance posture
A plain-language note on our regulatory position. We are a startup; formal legal review is part of our pilot readiness process. We describe our current posture honestly.
Strict biometric-data privacy standards
EEG-derived brain activity data constitutes 'data of special sensitivity' (biometric data) under modern biometric-privacy law (GDPR-aligned). We classify it accordingly and apply the heightened safeguards required: explicit consent, purpose limitation, data minimisation, and enhanced security measures. Formal legal review of our compliance posture is planned as part of the Q1 2027 pilot readiness process.
GDPR-style principles
We apply GDPR-aligned principles by design: data minimisation, purpose limitation, storage limitation, and data subject rights (access, correction, deletion). This prepares us for EU market entry without architectural rework.
WCAG 2.1 AA (accessibility)
Our public website targets WCAG 2.1 AA compliance. An accessibility statement is available at /accessibility.
This page describes our current privacy architecture and posture. It is not legal advice and does not constitute a formal compliance certification. Clinics should conduct their own due diligence and consult legal counsel as appropriate for their specific regulatory context.
For compliance and due-diligence reviewers
If you are evaluating LiberateOS for your clinic and need detailed documentation — data flow diagrams, security architecture, subprocessor list, DPA template — please contact us. We maintain a due-diligence package for serious clinic partners.