AI Trust & Data
Your data trains nothing.
The plain-English answer to the one question worth asking before you let AI near a session: where does my clients' data go? Five promises — written into our contract, not just onto this page.
You already made up your mind about AI for the easy stuff. Most therapists have — a 2026 practice runs on AI for scheduling reminders, superbill formatting, the dull edges of admin. The clinical work is where the line goes hard, and it goes hard for a reason that has nothing to do with whether the software saves you time. It's a different question, and it's the only one that matters here: can I defend this to the person sitting across from me?
An EHR is the hardest place in the field to answer that honestly, because an EHR sits on the richest material anyone could want — not a summary, not a score, but the session itself, in your words and theirs. The trust bar here is higher than anywhere else in your stack. So this page doesn't open with what our AI can do. It opens with where your clients' data goes, and where it doesn't.
One move first, because the whole industry uses it. When a vendor reassures you about AI and data, watch the adjective. The promise is almost never "we won't use your patients' data." It's "we won't use your patients' identifiable data" — and that one word is a door, not a wall. This hub answers without that escape hatch. Five promises, plain, scoped to what we control, each one you can hold us to.
Promise 1
We sign a BAA
The objection: is this even HIPAA-legit?
A Business Associate Agreement is the contract HIPAA requires whenever a vendor creates, receives, maintains, or transmits protected health information on your behalf (45 CFR Part 164, and the HHS HIPAA for Professionals guidance). It makes a vendor legally accountable for the data — not a checkbox, a liability. CoralEHR signs one. You can read the current standard form, and request a countersigned copy, at /baa/. For why a BAA matters in solo practice, our HIPAA guide for private-practice therapists walks through it. The AI provider that powers our note drafting operates under that same BAA chain of subprocessors.
Here's the framing that matters, though: a BAA is the floor, not the ceiling. It makes us legally liable for mishandling your data. It does not, by itself, promise we won't train on it, won't require you to record sessions, or won't quietly change the rules after an acquisition. Plenty of vendors sign a BAA and still reserve broad data rights elsewhere. So the BAA is where this page starts. The next four promises are what we do beyond it.
Promise 2
No session recording required
The objection: do I have to tape my clients for the AI to work?
Recording a therapy session changes the room. The moment a client knows the words are being captured to disk, something shifts — and you're the one who has to manage that shift, every session, forever. So the honest first question about any AI note tool isn't "how good is the draft," it's "what does it need from the session to produce one?"
CoralEHR's AI note help drafts from what you type — your scratchpad notes and the structured chart — not from an audio recording or transcript. No recording or transcription is required for it to function.
The honest contrast, quoted from the competitor's own page and framed factually: SimplePractice's AI "Note Taker" is an ambient scribe — its note-draft workflow is built on recording and transcribing the session itself, with transcript-retention controls described in its own support docs (Note Taker FAQs). We do not say they record you without consent. We say: their scribe works by recording and transcribing the session; ours does not require that. If session recording fits your practice, that's a legitimate choice — it's just a choice you should make on purpose, not inherit by default.
Promise 3 — the core claim
Your data trains nothing
The objection: will my clients' words end up inside someone's model?
This is the ownable promise, and we'll state it without an adjective hiding in it: your clients' data — notes, transcripts, assessments, messages, any PHI — is never used to train, fine-tune, or evaluate any shared or foundation model. Not the identifiable version. Not a "de-identified" version. Not an aggregated version. This is Pledge planks #1 and #2, said plainly.
The honest softener — this is conditional, and we represent it as conditional. Plank #2 is not an unconditional, end-of-time "never." Here is exactly what it is: today, the answer is simple — we don't. We won't change that without your explicit, opt-in, revocable consent, and we'll tell you, out loud and in advance, before we ever do. We won't dress that up as an absolute we can't honestly make. What we can make absolute is the part we control today: right now, your data trains nothing, and the only path that ever changes it runs through your own, revocable yes.
Where your data actually goes. Our AI runs on Anthropic's first-party Claude API through a single, enforced provider path — your data is not routed to other model providers, and under our agreement your inputs are not used to train the model. Your note content lives in the patient's chart under our BAA — it isn't sold, shared for advertising, or fed to a foundation model. AI-drafted treatment plans are deleted automatically after 30 days.
Why "trains nothing" is stronger than "trains only on de-identified data." The industry's comfortable phrase is "de-identified." But a psychotherapy note does not de-identify the way a billing code does. The story of a person's life, in their clinician's words, is a fingerprint — strip the name and the session is still unmistakably theirs. "De-identified" is a door, not a wall. "Trains nothing" closes the door.
The competitor contrast — fair, dated, each quote from the page that contains it. SimplePractice's own de-identification page (published June 3, 2026) states it "may de-identify data to help build and improve tools for our customer base" and that "de-identified transcripts will be used to improve Note Taker and related AI features" under HIPAA Safe Harbor. Separately, on its transcript-retention FAQ, SimplePractice states that retained transcripts are not sold and that personal health information is never sold. Both are SimplePractice's own statements, and we represent them as written — we never say "they sell your data." The honest distinction is narrower and real: SimplePractice reserves the right to use de-identified transcripts to improve its AI features; CoralEHR's promise is that your data is used for nothing beyond your own practice — not even de-identified, not even to "improve" our tools.
Promise 4
A clinician signs every note
The objection: is the AI making clinical calls?
No. And this section states only what the product actually does:
- ✓ The clinician is the author of record. Our AI drafts, transcribes, summarizes, and suggests. It does not diagnose, and it does not decide. An AI-drafted note persists as a preliminary draft and never becomes part of the signed record until a licensed clinician has read it and signed it. (Pledge plank #4.)
- ✓ The guardrails are explicit, on every surface. Hard guardrails forbid the AI from offering a diagnosis, a treatment recommendation, a medication, or a prognosis — and from adding any fact that wasn't in what you gave it.
- ✓ Validated instruments are attached verbatim. When the AI references a measure like the PHQ-9 or GAD-7, it pulls the validated wording from a catalog — it can't reword it — and a PHQ-9 item-9 endorsement triggers a deterministic high-risk alert rather than anything left to the model's discretion.
- ✓ Even the AI's biggest output is a suggestion. Treatment-plan AI produces suggestions for clinician review — not a treatment plan.
That's the whole shape of it: a human name on every clinical word. Every suggestion is reviewable; the licensed clinician carries the judgment and the accountability, the way it should be. This is what "care you can defend" means in practice — not "the AI is careful," but I read it, I edited it, I signed it, and my license is on it.
Promise 5
It's in the contract — and it survives change of control
The objection: marketing pages can be edited. What actually binds you?
Fair. A web page is not a contract, and we won't pretend it is. So here is where these promises actually live:
- ✓ In the contract, not just on this page. The commitments belong in our Business Associate Agreement and our subscription terms, where breaking them has legal consequences — not on a marketing page we could quietly edit.
- ✓ They survive a change of control. They bind us, our successors, and our assigns. If CoralEHR is ever acquired or merged, the pledge goes with it. The acquisition loophole is where most privacy promises quietly die — we're closing it on purpose.
- ✓ No silent edits, and a real exit. Any material change comes with at least 90 days' written notice, a full export of your data in a portable, FHIR-compatible format, and the right to walk away without penalty.
This is the answer to the pattern that already cost real money. The FTC banned BetterHelp in 2023 from sharing customers' mental-health data for advertising and ordered $7.8 million returned to consumers, after it handed users' email addresses, IP addresses, and questionnaire answers to advertising platforms despite promising to keep them private. In 2024 the FTC ordered Cerebral to pay in excess of $7 million for exposing nearly 3.2 million people's sensitive data to ad and media platforms including TikTok, Snapchat, and LinkedIn — and for mailing roughly 6,000 postcards that revealed patients' diagnoses. Those were promises that lived only in a privacy policy — not in a contract, and not kept.
Why this matters now
The appetite for the thing we're promising never to build is real and funded. Slingshot AI launched Ash, billed as "the first AI designed for therapy" and built on a special-purpose foundation model for psychology, on roughly $93 million raised. When Northern California Kaiser Permanente therapists asked for the same contract language their Southern California colleagues won in 2025 — that AI's role "is not to replace but to assist" them — the union says the company declined, part of why up to 2,400 clinicians struck on March 18, 2026 (Kaiser disputes the characterization, saying AI will not replace human assessment). And a Stanford study found that when a user signaled suicidal intent, leading "therapy" chatbots responded by naming the nearest tall bridges.
Read that last one carefully: it's about chatbots posing as the therapist — the exact thing our pledge promises never to build. It is not about AI note-drafting, which is what the promises above describe. We keep those two apart on purpose. The full argument lives at /pledge/.
How each AI feature works
Every surface is admin work — you review and sign, and the clinical judgment stays yours.
Frequently asked questions
Does CoralEHR train AI on my clients' notes or sessions?
No. Your clients' data — notes, transcripts, assessments, messages, any PHI — is not used to train, fine-tune, or evaluate any shared or foundation model, identifiable or de-identified or aggregated. Today the answer is simply: we don't. We won't change that without your explicit, opt-in, revocable consent, and we'll tell you in advance.
Do I have to record my therapy sessions for the AI to work?
No. CoralEHR's AI note help drafts from what you type — your scratchpad notes and the structured chart — not from an audio recording or transcript. No recording or transcription is required for it to function.
Does CoralEHR sign a Business Associate Agreement (BAA)?
Yes. You can read the standard form and request a countersigned copy at /baa/. A BAA is the legal floor for handling PHI — the rest of this page is what we do beyond it.
Does AI ever diagnose or decide on treatment?
No. The AI drafts, summarizes, and suggests; a licensed clinician reviews and signs everything before it enters the chart. Guardrails on every AI surface explicitly forbid diagnosis, treatment recommendations, medications, and prognoses, and treatment-plan AI output is framed as suggestions for clinician review, not a treatment plan.
Is CoralEHR SOC 2 certified?
CoralEHR is HIPAA-compliant and signs BAAs. We are pursuing SOC 2 Type II and HITRUST third-party attestation — not yet held. We never claim a certification we don't have.
What happens to these promises if CoralEHR gets acquired?
They bind our successors and assigns and survive a change of control. Any material change triggers at least 90 days' written notice, a full FHIR-compatible export of your data, and the right to leave without penalty.
How is this different from SimplePractice's AI?
On its own June 3, 2026 de-identification page, SimplePractice states that de-identified transcripts will be used to improve Note Taker and related AI features, and on its transcript-retention FAQ it states that retained transcripts and PHI are not sold. CoralEHR's promise is narrower and simpler: your data is used for nothing beyond your own practice — not even de-identified to improve our tools.
Which AI model does CoralEHR use, and is it barred from training on my data?
CoralEHR's AI runs on Anthropic's first-party Claude API through a single, enforced provider path — your data is not routed to other model providers. Under our agreement, your inputs are not used to train the model. Your note content lives in the patient's chart under our BAA — it isn't sold, shared for advertising, or fed to a foundation model.