Skip to main content

Data handling

Summary of data in Veridian Motion. See Data model & privacy for detail.

What we collect

DataSourcePurpose
Patient recordManual admin enrollmentAuthentication, roster
Patient ID + PIN hashEnrollmentPortal sign-in
Body-map selectionsPatient portalTriage context
Complaint textPatient portalTriage context
Questionnaire responsesPatient portalTriage context
Posture photos (up to 4)Patient portalPT review
AI exercise planServerPT review until approved
PT notesPTClinical record; optional patient share
MessagesStaff + patientAppend-only internal record
Staff accounts + rolesAdminDashboard access
Audit eventsPlatformHash-chained; no PHI in payload

What we do not collect in logs

  • Clinical narrative in application logs
  • Raw photos in audit entries
  • AI prompt/response content in standard logs

Where data lives

United States regions via Lovable Cloud / Supabase unless dedicated environment under contract.

Retention and deletion

Per agency agreement. Export window at contract end; deletion procedures and certificates on request.

PDF export

Staff may export assessment PDF from the dashboard. No automated email export in the current release.

What’s next

HIPAA

BAA framing.

Incident response

Incident procedures.