Safety is the product,
not an afterthought.
Mental health AI carries real stakes. Citt.ai was built with crisis detection, human oversight, and clinical accountability at its foundation, not bolted on later.
Operating targets
Targets are evaluated via automated adversarial test suite (CEP v2). Automated adversarial test suite (CEP v2)
Latest measured performance
These figures come from the latest persisted CEP v2 evaluation run, not marketing copy.
The Citt Safety Architecture
Four layers that work together to ensure no patient in distress falls through the cracks.
Crisis Detection on Every Message
quickRiskCheck() runs before AI processing on web chat, stream, secure-route, media captions, feedback, WhatsApp, and multi-agent patient paths. It covers suicidal ideation, self-harm, abuse, and explicit crisis language.
Human in the Loop
Every AI output carries provenance and confidence scores. Therapists review, approve, or override AI-generated clinical content. Crisis events trigger immediate therapist notification.
Full Audit Trail
Every safety decision, crisis event, and clinical action is logged with timestamps, user IDs, and context. Immutable audit log for clinical accountability and regulatory review.
Privacy-Sensitive Data Handling
Encryption, access controls, audit logs, and vendor controls support privacy-sensitive care environments and HIPAA-regulated deployments.
Tested against attacks designed to defeat it
Our CEP v2 evaluation framework includes dedicated test cases for the failure modes that have caused harm elsewhere: obfuscated crisis language, jailbreak attempts, and gradual escalation patterns. Obfuscation and gradual escalation are evaluated here; the live hot path remains deterministic.
What the live runtime does and does not claim
How patient records are created
Therapists can run their full practice in Citt.ai, including for patients who have not yet signed in to the patient portal. We gate every patient-facing feature behind an explicit claim step and keep AI access linked to a therapist or clinic that is responsible for the clinical purpose and oversight model.
Managed records
A therapist on Plus or Full Access can add a patient by name and email. The record supports scheduling, notes, billing, and transcription. Until the patient claims, no chat, check-ins, assessments, or WhatsApp messages are sent to them.
Claim attaches identity
When the patient is ready, the therapist sends a claim invite. The invite is a 14-day, single-use, HMAC-hashed token. Claiming attaches authentication credentials to the existing record. We do not create a second account or duplicate the data.
Cross-tenant safety
If the patient's email is already on another therapist's roster, the new therapist gets the same response shape as a brand-new creation. No cross-tenant data is revealed. Every cross-tenant link is logged at high severity, the patient is notified where they have claimed, and prior therapists receive a heads-up.
Therapist-led access and joint controllership
For managed records and patient-facing AI flows, the therapist or clinic determines the clinical purpose while Citt.ai determines essential platform means such as hosting, AI infrastructure, safety tooling, subprocessors, and retention architecture. The patient-facing chat, check-ins, and assessments are not standalone Citt.ai care; they stay linked to a clinician or clinic that keeps the patient active for regular therapy, maintenance support, or a similar oversight arrangement.
Data Practices
We are transparent about who processes your data and why. We maintain contractual and privacy terms for the services listed below and provide DPA materials for customer review on request.
| Sub-processor | Purpose | Data Categories | Location | Safeguard |
|---|---|---|---|---|
| AWS (database and storage) | Database and object storage | Account data, patient-care data, files, logs | US / EU | Encryption, access controls, contractual terms |
| OpenAI | AI chat responses, transcription | Conversation content, prompts, transcription payloads | US | Contractual controls, no training on API customer data by default |
| AWS (application hosting) | Application hosting | Infrastructure processing and operational logs | US / EU | Encryption, access controls, contractual terms |
| Stripe | Payment processing | Payment tokens, subscription metadata | US | PCI DSS Level 1 |
| Demo scheduling, optional calendar integrations, and consent-gated website measurement | Demo-booking contact details, calendar metadata, device identifiers, and consented website measurement data | US / EU | Consent gating where applicable, contractual terms, and vendor transfer commitments | |
| Meta (WhatsApp Business) | Messaging channel | Messages (when opted in) | US / EU | Platform terms, DPA commitments |
| Resend | Transactional email | Email addresses, notification content | US | SOC 2, TLS encryption |
| Mailgun | GTM outbound email | Email addresses, marketing content | EU | SOC 2, GDPR DPA |
| Deepgram | Real-time transcription | Audio streams where transcription is enabled | US | Contractual restrictions and security controls |
Evaluating Citt.ai for your organisation?
We provide full technical documentation, safety architecture whitepapers, and can arrange a clinical review for health system procurement teams.