Safety is the product,
not an afterthought.
Mental health AI carries real stakes. Citt.ai was built with crisis detection, human oversight, and clinical accountability at its foundation, not bolted on later.
Safety goals we design around
We test these goals with automated safety checks that include crisis messages, safe reassurance, and attempts to phrase risk indirectly. We also run an internal multi-turn evaluation (CEP v3) on curated offline transcripts to review assistant behaviour across a conversation — those results are not published as live guarantees.
Latest published safety check
When a safety check has been published from the production reporting system, we show whether it met the safety goals rather than presenting any test result as a guarantee of perfect safety.
Run: 6/10/2026 · Test set standard:600;adversarial:128. Raw test outputs are used internally for review; public claims stay deliberately cautious.
How Citt.ai Keeps Patient Support Safe
Four layers that work together to ensure no patient in distress falls through the cracks.
Risk checks before AI replies
Patient messages are checked for signs of suicidal thoughts, self-harm, abuse, severe distress, and other urgent risk before the AI response is generated.
Therapists stay in control
Citt.ai supports the therapist-patient relationship. Therapists can review patient activity, approve clinical content, and receive urgent notifications when risk is detected.
Accountable record keeping
Important safety events and clinical actions are recorded with time, user, and context so the care team can understand what happened.
Privacy-sensitive data handling
Encryption, access controls, audit logs, and contractual vendor controls support sensitive care environments and regulated deployments.
Platform safety in practice
Aggregate counts only. No individual patient data.
Tested against the ways risk can be missed
We test more than obvious crisis phrases. The suite includes disguised wording, attempts to push the AI toward unsafe advice, and conversations where risk builds over several messages. We publish these areas separately because they are harder than direct crisis detection and should not be overstated.
Where we are careful about claims
How patient records are created
Therapists can run their full practice in Citt.ai, including for patients who have not yet signed in to the patient portal. We gate every patient-facing feature behind an explicit claim step and keep AI access linked to a therapist or clinic that is responsible for the clinical purpose and oversight model.
Managed records
A therapist on Plus or Full Access can add a patient by name and email. The record supports scheduling, notes, billing, and transcription. Until the patient claims, no chat, check-ins, assessments, or WhatsApp messages are sent to them.
Claim attaches identity
When the patient is ready, the therapist sends a secure, single-use invite link. Claiming attaches the patient's sign-in details to the existing record. We do not create a second account or duplicate the data.
No practice can see another practice's data
If the same email is already connected to another therapist, Citt.ai does not reveal that relationship. Any approved linking is logged, and claimed patients can be notified about access changes.
Who is responsible for care and platform operations
For patient-facing AI flows, the therapist or clinic remains responsible for the clinical purpose of care. Citt.ai provides the secure platform, safety checks, hosting, trusted service providers, and retention controls. Patient chat, check-ins, and assessments are not standalone therapy outside your relationship with your clinician; they stay linked to that clinician or clinic.
Practical answers before you use Citt.ai with patients
These are the questions therapists usually ask when they are deciding whether Citt.ai can fit safely into real clinical work.
Do you verify that therapists are licensed?
Citt.ai is for licensed therapists, mental health professionals, and authorised clinic representatives. During signup, therapists confirm that they are licensed and accept the therapist terms, which require accurate licence and registration information. Citt.ai may verify eligibility and may suspend access if verification fails.
Is Citt.ai standalone therapy?
No. Citt.ai is therapist-supervised practice software and between-session support. Patient-facing AI stays linked to a therapist or clinic responsible for the clinical purpose and oversight model. Citt.ai does not provide clinical services, replace professional judgement, or act as an emergency service. Patients can read the patient terms for the same boundary in patient-facing language.
Are session recordings stored?
Uploaded transcription audio is processed ephemerally and is not intentionally retained after processing. Citt.ai stores the resulting transcript and related metadata. When real-time transcription is enabled, audio streams are sent to the transcription provider while the feature is running. The retention summary is in our privacy policy.
Are transcripts and clinical notes stored?
Yes. Transcripts, speaker segments where available, clinical notes, summaries, assessments, check-ins, and related patient-care records are stored so therapists can review care history, generate notes, prepare for sessions, and maintain records. Transcript access and updates are audited.
Can therapists export records if legally required?
Record access and export requests are supported through the therapist or clinic and Citt.ai. Requests involving clinical records are usually led by the therapist or clinic, with platform assistance from Citt.ai. We do not describe this as a one-click self-service legal export today. The routing is explained in the therapist privacy information.
What can patients request or delete?
Depending on location, patients may request access, correction, erasure, export, restriction, or objection to certain processing. Clinical-content requests are normally handled by the therapist or clinic with Citt.ai support. Some records may be retained or archived for clinical-record, billing, safety, security, or legal reasons. WhatsApp and Facebook-linked requests can also start from the data deletion page.
Who owns chats, notes, transcripts, and AI insights?
Patient conversational data remains the patient's content. Therapist-created clinical content and practice records remain part of the therapist or clinic's clinical record, subject to the limited rights Citt.ai needs to operate the platform. Citt.ai owns or licenses the platform technology itself and does not claim ownership of user-provided conversation content.
Can therapists use licensed or paid assessment measures?
Citt.ai currently includes PHQ-9, GAD-7, PSS, WHO-5, UCLA-Loneliness, and MSPSS as standard assessment types. Therapists should only upload, copy, or configure assessment content they are legally allowed to use. Citt.ai does not grant rights to paid, restricted, or third-party measures.
What happens if a patient sends a crisis message?
Patient-facing messages are screened before AI replies. If a crisis signal is detected, Citt.ai returns region-aware crisis guidance, creates a care record, opens a therapist alert, and emails the assigned therapist when contact details are available. Citt.ai is not an emergency service, and therapists remain responsible for their clinical response pathway.
Can safety checks be disabled?
No. Therapists can configure the patient support style and persona, but crisis and safety checks are not optional. The therapist terms prohibit attempts to bypass, disable, or interfere with safety or crisis detection outside the product's intended clinical controls.
Data Practices
We are transparent about which services help operate Citt.ai and what each service is used for. Data processing agreement materials are available for customer review on request.
| Service provider | Purpose | Data handled | Location | Safeguard |
|---|---|---|---|---|
| AWS (database and storage) | Database and object storage | Account data, patient-care data, files, logs | US / EU | Encryption, access controls, contractual terms |
| OpenAI | AI chat responses, transcription | Conversation content, prompts, transcription payloads | US | Contractual controls, no training on API customer data by default |
| AWS (application hosting) | Application hosting | Infrastructure processing and operational logs | US / EU | Encryption, access controls, contractual terms |
| Stripe | Payment processing | Payment tokens, subscription metadata | US | PCI DSS Level 1 |
| Demo scheduling, optional calendar integrations, and consent-gated website measurement | Demo-booking contact details, calendar metadata, device identifiers, and consented website measurement data | US / EU | Consent gating where applicable, contractual terms, and vendor transfer commitments | |
| Meta (WhatsApp Business) | Messaging channel | Messages (when opted in) | US / EU | Platform terms and data processing commitments |
| Resend | Transactional email | Email addresses, notification content | US | SOC 2, TLS encryption |
| Mailgun | Outbound introductory email | Email addresses, marketing content | EU | SOC 2, GDPR data processing agreement |
| Deepgram | Real-time transcription | Audio streams where transcription is enabled | US | Contractual restrictions and security controls |
Evaluating Citt.ai for your organisation?
We provide full technical documentation, safety architecture whitepapers, and can arrange a clinical review for health system procurement teams.