Trust & Security
Powered by your policies. Nothing else.
Not the internet. Not another organisation's documents. Not guesswork. Here is exactly how CareStreamAI works, and why you can trust it with your compliance-critical information.
How the AI Works
Explained for every audience.
For everyone
Think of CareStreamAI as a colleague who has read every policy in your library, and nothing else. When a member of your team asks a question, CareStreamAI searches your policy library, finds the most relevant sections, and uses them, and only them, to write the answer. It does not search the internet. It does not use general knowledge. It does not guess.
For operations and quality leads
CareStreamAI uses Retrieval-Augmented Generation (RAG), the gold standard for AI systems that need to answer from a specific, trusted document set. Every query searches your private policy index first. The AI receives only the retrieved content as its input, and is explicitly instructed not to use anything outside it.
For boards and legal leads
CareStreamAI's architecture eliminates the primary governance risk of AI in professional settings: confident but incorrect answers. Every response is bounded by your approved documents and logged in an immutable audit trail. The system cannot contradict your policies. It cannot extend beyond them.
What We Promise
Your data, seven commitments.
Complete data isolation
Your policy library, query history, and staff data are in a private environment that no other subscriber can access, ever.
Never used for AI training
Your documents and query data are never used to improve AI models. This is a contractual commitment.
Encrypted at rest and in transit
All data encrypted using AES-256 at rest and TLS 1.3 in transit.
UK data residency
All data stored within UK/EEA regions. No transfer outside these regions.
UK GDPR compliant
CareStreamAI operates in full compliance with UK GDPR. A Data Processing Agreement is provided to all subscribers.
Immutable audit log
Every query and every system action is logged in an append-only format. Logs cannot be edited or deleted.
12-month retention default
Query logs retained for 12 months by default, then auto-deleted. Retention period is configurable.
Common Questions
Security questions, answered.
Will the AI make things up?
No. CareStreamAI is explicitly designed to prevent this. If no relevant policy is found, it says so; it does not generate content from general knowledge.
Can other organisations see our policies?
No. Your policy library is completely isolated. No other subscriber can access it in any form.
Is our data used to train AI models?
No. Your data is never used for AI training. This is a contractual commitment.
What if our policy has an error in it?
CareStreamAI will accurately reflect what your policy says. This surfaces the need to keep policies accurate, which is the right incentive in a compliance setting.
What happens when we update a policy?
The old version is immediately retired from the retrieval system. All subsequent queries return answers based on the new version. The old version is retained in your audit archive.
