
Patient consent when a bot assists your session: how we handle it
If an assistive system listens to a clinical session, patient consent is no longer optional. How we announce the co-pilot's presence, what information is stored, for how long, and how it is deleted on demand.
Let me open with the most important rule: when an assistive system listens to a clinical session, patient consent is not optional. Not as a technical matter, but because the foundation of the professional relationship rests on professional secrecy, and the patient has the right to know exactly who (or what) is listening.
This may sound obvious. In practice, many session transcription and summarization tools get incorporated into the professional's workflow without the patient knowing they are there. We understand the practice emerged for honest reasons (the professional wants to reduce administrative load, the tool is discreet, "it doesn't affect the patient"), but it does not meet the privacy and consent standards that regulations like GDPR, CCPA, and the ethical codes of professional associations expect.
Our position is different. And we want to explain it in detail, because the how matters.
The bot announces itself
Every time the co-pilot joins a video session, it announces its presence explicitly in the session language, within the first minute:
"This session is being assisted by CauceOS. Continuing implies consent."
"Esta sesión está siendo asistida por CauceOS. Continuar implica consentimiento."
The announcement comes from a visible participant in the attendee list (with the product name), not from an invisible actor. If the patient asks what it is, the professional explains briefly: it is a system that helps the clinician during and after the session, listens to the conversation, makes no decisions, and operates under professional-grade confidentiality.
What the professional should do additionally
The bot's announcement covers technical consent, but it does not replace the professional's responsibility to explain to the patient, with sufficient detail, what the system is and what it is used for. We recommend that in the first session where CauceOS will be used:
- Inform the patient before the session (ideally in the same intake form or informed consent): "I use an assistive system during sessions that helps me take notes and generate reports. You can ask not to use it in any session, and that will not affect your treatment."
- Sign a written informed consent that includes use of the system, what is stored, for how long, and how it can be revoked.
- Reiterate verbally at the start of the session the first few times it is used, until the patient is comfortable.
- Respect the patient's right to ask not to use the system in a specific session — for example, a session where something particularly sensitive will be discussed.
This is not optional advice. It is the professional practice we expect from any clinician using CauceOS. If your patient does not know the system exists, the problem is not ours — it is yours.
What information is stored, exactly
For each session, the system stores:
- The raw audio (encrypted at rest, in private storage).
- The processed transcript, associated with the original timestamps.
- The alerts and observations the co-pilot generated during the session.
- The structured final report.
- Metadata: duration, date, participants (identified by their role, not necessarily by real name), detected language.
No derived biometric information is stored (voice prints, persistent emotional profiles), and your session transcripts are not used to train general models. This last guarantee is contractual and is signed with every practice that joins the product.
How long
The default policy: 90 days of full retention, after which:
- The audio is permanently deleted.
- The transcript and report are archived to lower-cost encrypted storage, accessible on demand but not for operational use.
- Aggregated metadata (how many sessions, what average duration) remains for billing and reporting.
The professional can configure longer retention if local regulation requires it (for example, clinical records in some jurisdictions require 5 to 10 years of retention) or shorter retention if their practice prefers.
Deletion on demand
This is a non-negotiable guarantee: a patient can request deletion of all their data at any time, and deletion is executed in under 30 days — usually under 7. The request can be made through the professional, who channels it from their admin panel, or directly to us if the professional is no longer available.
Deletion removes:
- The audio (if it still exists).
- The transcript and report.
- The associated alerts.
- Any copy in backup systems (this can take up to 30 days depending on the backup retention cycle).
The only data preserved, in strictly aggregated and de-identified form, are billing metrics (how many sessions were processed in the month, without content) that we need for our own accounting. That information does not allow reconstructing any of the session content.
Compliance with applicable regulations
We operate to comply with the privacy regulations applicable to each jurisdiction where our users operate. In particular:
- GDPR when there are patients in the European Union: explicit lawful basis (data subject consent), rights of access, rectification, erasure, and portability, designation of a data controller.
- CCPA when there are patients in California: right of access, opt-out of any "sale" of data (which does not occur in our case because we do not sell data to third parties), right of deletion.
- Local data protection regulations in Latin American countries and elsewhere, as applicable to the professional.
The full list of regulatory frameworks we follow is in our privacy policy and terms of service. If your jurisdiction has a requirement we are not meeting, we want to hear about it.
What we do not do
To be explicit about the red lines:
- We do not sell session data to third parties. Ever. This is a contractual guarantee and a non-negotiable ethical commitment.
- We do not use real session transcripts to train general models that are later offered to the public.
- We do not share data with advertisers or "marketing intelligence" platforms. That is not our business model. We charge by subscription.
- We do not have backdoors for internal access to content. Team members cannot view real session transcripts without explicit client authorization, logged in audit.
A note on shared responsibility
Privacy compliance in an assisted session is not the responsibility of a single party. It works as a chain:
- We are responsible for secure infrastructure, transparency about what we store, deletion mechanisms, and technical compliance with regulations.
- The professional is responsible for informing the patient, obtaining their consent, documenting that consent, and respecting the patient's decision if they ask not to use the system.
- The patient has the right to know, to decide, to revoke.
When this chain works, the clinical relationship is preserved. When one link fails, trust breaks. That is why we publish this in the open: so the part that is on us is verifiable, and the part that is on the professional is explicit.
If you have specific questions about how we handle a particular use case in your jurisdiction, write to us. It is exactly the kind of conversation we want to have.