Vaultus is a clinical safety verification tool for AI-generated SOAP notes. When a provider submits a note for verification, Vaultus evaluates it against deterministic safety rules and returns results in real time.
Vaultus does not store patient health information (PHI). SOAP notes submitted for verification are processed in memory, safety signals are extracted, and the note text is destroyed immediately. We cannot retrieve, replay, or reconstruct any note after verification.
We retain de-identified safety signals only:
If you create a Vaultus account, your email is collected for rule updates and product announcements only. It is encrypted at rest (Fernet AES-128) and stored separately from safety signal data. Your email is never linked to individual catch records, never sold, and never shared with third parties.
Vaultus sets one cookie (vaultus_token) to identify your provider session. This cookie is HttpOnly, Secure, and SameSite=Lax. It contains a random token — not your name, email, or any identifiable information.
De-identified safety signal data — which rules fired, resolution patterns, and aggregate prescribing data — may be licensed to clinical research organizations, quality improvement groups, and healthcare analytics partners. This data is completely de-identified before storage. No patient information, note content, or provider identity is ever included.
The Vaultus Chrome extension reads SOAP note content from the active browser tab to perform safety verification. Note content is sent to our verification server over HTTPS, processed in memory, and destroyed immediately. The extension does not access browsing history, bookmarks, passwords, or any data outside the active clinical note.
Vaultus is designed to be HIPAA compliant. We do not create, receive, maintain, or transmit protected health information as defined under HIPAA. A Business Associate Agreement (BAA) is available on request.
For privacy questions: norm@vaultusclinical.com