Trust & Security

How we handle your data, your records, and your trust.

NeuroPath Health is in early pilot phase. We’re building our formal trust documentation in partnership with our first institutional customers — and we’re happy to share what we have today with any partner in procurement review.

HIPAA Posture

NeuroPath Health operates under a HIPAA-aligned architecture. Our school deployments do not require Protected Health Information (PHI) — district-facing workflows use educational records governed by FERPA, which keeps the system outside HIPAA’s scope for those customers. Hospital and clinical deployments that handle PHI operate under a signed Business Associate Agreement (BAA).

Note for institutional buyers: Our HIPAA documentation — BAA template, risk assessment, and administrative/technical/physical safeguards summary — is available on request. We’re actively building toward a full HIPAA compliance attestation and will publish it here when complete.

Security Program

NeuroPath Health is built on Google Cloud infrastructure with modern security controls from the ground up. Our program emphasizes defense in depth, least-privilege access, and continuous monitoring.

Independent assessments: SOC 2 Type I is under active planning. Our target is to complete Type I in our first full operating year and progress to Type II thereafter. Penetration testing cadence and scope will be published alongside the Type I attestation. Pilot partners with accelerated procurement timelines can request a tailored security review.
Security questions or responsible disclosure: security@neuropathhealth.com

Clinical Reliability Harness

NeuroPath Health auto-generates three tiers of clinical output: student profiles, proposed target behaviors, and candidate intervention plans. Because those outputs inform decisions about real children, they are scored daily against a licensed clinician’s review — and the system pauses itself when reliability slips. This section documents how that oversight works so buyers, compliance officers, and clinicians can evaluate it directly.

Scoring methodology

Every generated output is evaluated item-by-item across multiple independent clinical dimensions spanning operational precision, target selection, intervention fit, and behavioral function. Matching is function-based rather than strict-wording; an item counts as agreement when it addresses the same behavioral function the reviewing clinician would have written, even if phrasing differs. The aggregate output score is the percentage of agreeing items. Specific dimension weightings are shared with pilot partners under NDA.

Behavioral function accuracy is load-bearing. Our scoring framework places primary weight on whether the hypothesized behavioral function is correct — it is treated as a gating clinical check rather than one checkbox among many. Exact weighting methodology is available to pilot partners under NDA.

Daily 33% clinician review

Auto-pause thresholds

Each output tier is monitored independently. When clinician agreement for a tier falls below our defined reliability thresholds — either through sustained sub-threshold scoring or an error accumulation pattern — that tier auto-pauses pending supervised review. The exact thresholds are calibrated conservatively and are shared with pilot partners under NDA.

When a tier pauses, generation for that tier is suspended, the admin UI displays a visible banner naming the paused tier, and reactivation requires a clinician to review the flagged batch and explicitly re-enable the tier. Every pause and re-enable event is written to the immutable audit trail with reviewer identity and timestamp.

Why the threshold is strict: An earlier draft proposed monitoring agreement over long rolling averages. Our clinical co-founder pushed back — that would let too many errors accumulate before the system pauses. The current rule fires meaningfully earlier. The purpose is to never “quietly drift.”

Reliability dashboard

Captured agreement data feeds an internal dashboard showing agreement percentage by output tier, by metric, by district, by school, and by clinician author, with trend lines over time. The data is maintained in the same shape a BCBA supervisor pulls for licensure-level inter-rater agreement documentation — so clinician customers can reuse it for their own credentialing records.

Clinical reliability questions or IOA documentation requests: clinical@neuropathhealth.com

Privacy Policy

We’re building NeuroPath Health for families and institutions that have every reason to be careful with data — children with disabilities, their medical records, and the adults who advocate for them. We take that seriously.

What we collect. Depending on the deployment, NeuroPath Health may collect: staff and family account information (name, email, role), product usage telemetry, behavioral observation logs entered by authorized staff, and — in hospital and family deployments — clinical information imported with explicit consent (e.g., MyChart connections made by a parent for their own child).

What we don’t collect. In school deployments, we do not require or ingest Protected Health Information. Student records used for behavioral support are scoped to educational data governed by FERPA.

How we use data. We use data solely to deliver the product to the customer who provided it, to improve the product, and — where permitted and de-identified — to support research that advances the science of behavioral support. We never sell personal data. We don’t use family or student data to train third-party large language models.

Your rights. You can request access to, correction of, or deletion of your data at any time. For school and hospital deployments, the institution (district / hospital) is the data controller; we act as a processor under a Data Processing Agreement (DPA).

Data residency. United States.

Formal policy document: A full Privacy Policy and DPA template are being finalized in partnership with counsel. For the current draft or a deployment-specific DPA, contact us directly.
Privacy questions, data requests, or DPA: privacy@neuropathhealth.com

Terms of Service

NeuroPath Health is provided as a software-as-a-service tool for authorized institutional customers (schools, hospitals, clinics, care agencies) and, in limited preview, for families of children with behavioral support needs.

Customer data ownership. Your data is yours. Institutions retain ownership of their records; families retain ownership of their child’s records. NeuroPath Health acts as a processor and holds no residual rights to customer data beyond what is necessary to deliver the service.

Acceptable use. NeuroPath Health is a clinical decision support tool, not a replacement for professional clinical judgment, emergency services, or mandated reporting. The product is designed with hard-coded safety triggers that escalate to human authorities in crisis scenarios; those safeguards are not bypassable.

Service availability. We do not currently publish a formal SLA. Pilot agreements include service-availability expectations appropriate to the deployment. A published SLA will accompany our general-availability launch.

Pilot agreements. Pilot deployments are governed by a written agreement that covers scope, data handling, access, term, termination, and any customer-specific compliance requirements. We do not rely on clickthrough terms for institutional customers.

Formal Terms of Service: A complete Terms of Service and Master Services Agreement are being finalized. For the current draft or a pilot-stage agreement, contact us directly.
Legal / contracts: legal@neuropathhealth.com

Pilot-stage disclosure. NeuroPath Health is in early pilot phase. The documentation above reflects our current posture and commitments. Several formal artifacts — full Privacy Policy, Terms of Service, SOC 2 attestation, published SLA — are in active development. We publish this page transparently because we’d rather under-claim today and over-deliver at launch. For any institutional buyer, procurement review, or family with a specific concern, we’re available by email and happy to walk through our current program in detail.