Confidentiality & isolation
Client material is treated as sensitive health information — encrypted in transit and at rest, scoped to the signed-in practice, and isolated in the database with PostgreSQL Row-Level Security.
Safety & Security
Virtuosa runs entirely in Australia — data and AI inference stay in the AWS Sydney region. It is built to support confidentiality, privacy, and responsible use of AI in psychology practice. AI output remains a drafting aid, and final report approval remains with the psychologist.
Client material is treated as sensitive health information — encrypted in transit and at rest, scoped to the signed-in practice, and isolated in the database with PostgreSQL Row-Level Security.
Data and AI inference stay in Australia: PostgreSQL and S3 run in AWS Sydney and Claude runs on Bedrock's au.* inference profiles. The database is private (no public access) and reached over a VPC.
Drafts expose their source context, missing information and reasoning so the psychologist reviews and approves every report before it is used or shared.
AI provider gateway
Model calls are routed through the Go backend in Sydney, not the browser. That lets Virtuosa keep credentials private, enforce audit rules, and pin inference to Australian (au.*) Bedrock profiles.
Operational controls
Trust Centre
Virtuosa runs on a small set of vetted providers. Each publishes its own security and compliance material — reviewed here at face value, linked directly so you can verify.
Hosting and AI infrastructure — everything runs in the AWS Sydney (ap-southeast-2) region: the application, PostgreSQL, document storage (S3) and Claude inference on Amazon Bedrock.
AWS Compliance Programs ↗Maker of the Claude models Virtuosa uses. Models are served through Amazon Bedrock in Sydney — client content is processed in-region and is not used to train models.
Anthropic Trust Centre ↗Subscription billing. Stripe handles card details end-to-end; Virtuosa never stores payment credentials and no clinical content is shared with Stripe.
Stripe security documentation ↗Transactional email — password resets, team invitations, and report delivery when a clinician chooses to email a report.
Postmark security ↗