AI Processing Security
How AI analyzes your data and what protections we have in place
Think of our AI like a private assistant who analyzes your sessions but never gossips or remembers details afterward. Your coaching content is processed to generate insights, but it's never used to train AI models or shared with other coaches.
How AI Processes Your Data
Analysis Workflow
Your sessions go through a secure, multi-step process to generate insights while protecting your data:
1 You upload a session transcript to JourneyLoop
2 Transcript sent securely (TLS 1.2+) to AI provider (Anthropic Claude or OpenAI) for analysis
3 AI generates insights: emotional signals, action items, session summary, wisdom nuggets
4 Generated insights returned to JourneyLoop and stored in your encrypted database
✓ AI provider does not store your transcript or coaching content
Zero Training Policy: Your coaching content and methodologies are never used to train AI models. Each coach's data remains completely isolated.
What Gets Stored Where
Understanding data flow helps you know exactly where your information lives:
Stored in JourneyLoop
Session transcripts, insights & summaries, action items, emotional signals, wisdom nuggets
NOT Stored by AI Providers
Session transcripts, client information, coaching methodologies, coaching content
Zero AI Training Policy
Your coaching content and methodologies are your intellectual property. We never use your data to train AI models or improve our systems. Here's what that means:
No Model Training
Your session transcripts and coaching insights are never used to fine-tune or train AI models. They're processed one-time only to generate insights for you.
No Cross-Coach Learning
AI doesn't learn from your coaching style to help other coaches. Each coach's data is processed in complete isolation—no patterns or insights are shared.
Contractual Guarantees
Both Anthropic and OpenAI provide API enterprise terms that prohibit using customer data for model training. We only use API endpoints with these guarantees.
You Own Your Content
All coaching content, methodologies, and insights remain your intellectual property. AI processing doesn't change ownership or create derivative rights.
AI Vendor Security
We work with industry-leading AI providers who maintain enterprise-grade security practices and comply with strict data protection standards.
Anthropic Claude (Primary)
We use Anthropic Claude as our primary AI provider for generating coaching insights.
SOC 2 Type II certified for security, availability, and confidentiality
Data is not used to train models (contractual guarantee via API terms)
Data deleted after processing (temporary retention only for abuse monitoring)
Encryption in transit and at rest
OpenAI (Secondary)
OpenAI provides secondary analysis capabilities for specialized use cases.
SOC 2 Type II certified
API data not used for model training (enterprise API terms)
Data retained for 30 days for abuse monitoring, then deleted
Encryption in transit and at rest
Note: We use different AI providers for different analysis types based on their strengths. All providers maintain enterprise-grade security and no-training guarantees.
Your Control Over AI Processing
You have complete control over what data AI processes and can opt out of AI features entirely.
Granular Processing Controls
You decide exactly which sessions and features use AI analysis:
Session-Level Choice
Choose which sessions to analyze—not all sessions require AI processing
Feature Toggles
Enable or disable specific AI features (insights, action items, etc.)
Complete Opt-Out
Disable all AI processing—use JourneyLoop as a pure session management tool
Delete AI Content
Remove AI-generated insights anytime—original transcripts remain
Client Consent Management
Clients can consent to or decline AI processing of their session data. You can track consent status and only process sessions where consent has been granted.
What AI Providers Never Receive
We actively filter sensitive data to ensure certain information never reaches AI providers:
Payment Information
Credit card details, billing information, and payment processing data never sent to AI providers. All financial data remains isolated in our secure payment systems.
Authentication Credentials
Passwords, API keys, OAuth tokens—never included in AI analysis requests. These stay in secure, encrypted storage and are never transmitted to external services.
System Logs & Metadata
Technical system information, error logs, and infrastructure metadata are kept separate from AI processing to maintain security and prevent data leakage.
Related: HIPAA Vendor Compliance
As we build HIPAA compliance, we're evaluating Business Associate Agreements (BAAs) with our AI providers to ensure they meet healthcare data protection standards.
View HIPAA Considerations