AI Processing Boundaries
N1 Precision includes optional AI-powered analysis features. All AI calls route through AWS Bedrock, which hosts Anthropic’s Claude models and Amazon Nova inside an AWS HIPAA-eligible environment. We do not call any consumer AI API directly.
BAA Status — covered
Amazon Web Services has a Business Associate Agreement (BAA) with Veda-Tegrity LLC that covers AWS Bedrock. This means every Claude and Nova invocation we make happens inside a HIPAA-compliant processing boundary. AWS is contractually bound by the BAA to handle PHI in accordance with HIPAA Privacy and Security Rules.
Your data is never used to train external AI foundation models such as Claude or Nova. Per AWS Bedrock policy and the Bedrock terms under which Anthropic and Amazon make their foundation models available, customer prompts and completions are not used to train or improve any AWS or third-party foundation model. Your inputs are not stored by Bedrock beyond the processing of your request and are not reviewed by human operators.
How we improve our detection pipeline
Separate from the external AI training question above: N1 Precision uses aggregate statistical patterns across the user base to tune and validate our detection pipeline — calibrating detector thresholds, validating detector outputs against real-world signals, and developing new detectors. This is an inherent part of the service we provide. Storing, processing, analyzing, and continuously improving the detectors that run on your data costs real money; aggregate pattern use inside our BAA-covered infrastructure is how we operate and improve the product you are using. By using N1 Precision, you agree to this operational use of aggregate patterns.
What this is not: it is not machine learning in the foundation-model sense. Our detectors are deterministic statistical code, not trained neural networks. Your individual records never leave N1’s AWS BAA-covered infrastructure and never cross patient boundaries through this process. Only aggregate statistical properties inform the code that ships back to all users.
What the AI Receives
When you initiate an AI request, a sanitized summary is sent to Bedrock. The summary includes your age in whole years (never the full birth date), gender, diagnoses, current body weight, aggregated seizure statistics, medication names and dosages, and structured clinical notes — identified only by an anonymous internal account identifier, never by name, email, phone, or address. Even though Bedrock operates under a BAA, we apply this minimization as defense-in-depth.
The biography / medical history field is NEVER sent to any AI model. Your full date of birth is also never sent; only your age in years. These exclusions are enforced at two layers: the code that builds the AI context never adds them, and a server-side sanitizer strips them again before anything is transmitted, as a second line of defense.
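A minimal sketch of the two-layer enforcement described above, added here as an illustration and not N1 Precision's own code. The key names, the `RECORD` sample and every function name are assumptions; the page names only the data categories.

```python
from datetime import date

# Hypothetical key names: the page names the data categories, not the keys.
ALLOWED = {"account_id", "age_years", "gender", "diagnoses", "weight_kg",
           "seizure_stats", "medications", "clinical_notes"}
FORBIDDEN = {"biography", "medical_history", "date_of_birth",
             "full_name", "email", "phone", "address"}

def age_in_years(dob, today):
    # Subtract one if this year's birthday has not happened yet.
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def build_ai_context(record, today):
    """Layer 1: copy allowlisted fields only; derive age instead of copying the DOB."""
    ctx = {k: record[k] for k in ALLOWED if k in record}
    ctx["age_years"] = age_in_years(record["date_of_birth"], today)
    return ctx

def _strip(value, path, dropped):
    # Walk nested dicts/lists so a forbidden key cannot hide below the top level.
    if isinstance(value, dict):
        clean = {}
        for k, v in value.items():
            if str(k).lower() in FORBIDDEN:
                dropped.append(path + str(k))
            else:
                clean[k] = _strip(v, f"{path}{k}.", dropped)
        return clean
    if isinstance(value, list):
        return [_strip(v, path, dropped) for v in value]
    return value

def sanitize(payload):
    """Layer 2: run server-side on whatever the builder produced, just before sending."""
    dropped, clean = [], {}
    for k, v in payload.items():
        if k not in ALLOWED:
            dropped.append(k)              # unknown or forbidden top-level key
        else:
            clean[k] = _strip(v, f"{k}.", dropped)
    return clean, sorted(dropped)          # non-empty `dropped` means layer 1 leaked

RECORD = {  # constructed sample, not real data
    "account_id": "acct-7f3a", "full_name": "Constructed Person",
    "email": "person@example.invalid", "date_of_birth": date(1990, 6, 15),
    "gender": "F", "diagnoses": ["focal epilepsy"], "weight_kg": 62.0,
    "seizure_stats": {"last_30_days": 4},
    "medications": [{"name": "levetiracetam", "dose_mg": 500}],
    "clinical_notes": [{"text": "missed dose", "biography": "free text"}],
    "biography": "free-text history",
}
```

In the sample, layer 1 removes the top-level biography and birth date, but a biography key nested inside a clinical note survives until layer 2 strips it; logging the returned `dropped` list makes that kind of builder leak visible.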
Delegated Access
When you share your data with a caregiver or clinician through delegated access, AI features on that shared data require your explicit AI processing consent. Without consent, AI features are completely disabled for that data. This consent is separate from the general Data Sharing grant and can be revoked at any time from Settings.
Data Retention by Bedrock
Per AWS Bedrock policy, the prompts we submit and the completions we receive are not used to train or improve any AWS or third-party foundation model, are not retained by Bedrock beyond the processing of the request, and are not reviewed by human operators. AI features are entirely opt-in — no data flows to Bedrock unless you explicitly initiate an analysis.
All AI-generated outputs are informational only and do not constitute medical advice, diagnosis, or treatment recommendations. You should always consult your healthcare provider before making decisions based on AI-generated summaries.