SECURITY · INFRASTRUCTURE · COMPLIANCE
your clinical material, treated as sacred.
nexmin is a copilot that listens with you. For that listening to never become a risk, the entire architecture starts from the sovereignty of the therapist and the consultant over their data.
What follows are the technical decisions that uphold that promise.
DATA · WHERE IT LIVES
1. infrastructure entirely within the european union.
All of nexmin runs on Google Cloud’s European network. The application is served from Belgium and clinical data lives in an encrypted database with customer-managed keys in Madrid. Your material never crosses the European border at any point in the process.
- Application server in europe-west1 (Belgium)
- Encrypted database in europe-southwest1 (Madrid), with customer-managed keys (CMEK)
- Enterprise-grade DPA signed with Google Cloud
- No international transfer of clinical data
ENCRYPTION · ALL LEVELS
2. whatever gets written, gets written encrypted.
Encryption in transit (TLS 1.3) is taken for granted across the industry. nexmin adds a second layer of encryption inside the database itself, over the fields that may hold clinical material: audio, transcripts, notes, summaries, biomarkers, hypotheses.
If one day an attacker reached the database, they would find unreadable text. And the encryption key lives separately from the storage, not alongside the data.
- TLS 1.3 on every connection
- Column-level encryption (Fernet, AES-128-CBC + HMAC) over 47 fields holding clinical material
- Encryption keys stored separately and rotatable
- Audio segregated in a bucket distinct from the main database
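An illustration of the column-level scheme described above, added here as an example and not taken from nexmin's code base: fields are encrypted with Fernet before they reach the database, and `MultiFernet` re-encrypts stored tokens when the key is rotated. The `notes` table, its two columns and the in-process key generation are assumptions made so the example runs offline; it needs the `cryptography` package.

```python
import sqlite3
from cryptography.fernet import Fernet, InvalidToken, MultiFernet

def make_db():
    # Hypothetical table; the page does not list its 47 encrypted fields.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, transcript BLOB, summary BLOB)")
    return db

def insert_note(db, keyring, transcript, summary):
    # Encrypt in the application, so the database only ever sees Fernet tokens.
    cells = [keyring.encrypt(v.encode()) for v in (transcript, summary)]
    return db.execute("INSERT INTO notes (transcript, summary) VALUES (?, ?)", cells).lastrowid

def read_note(db, keyring, note_id):
    row = db.execute("SELECT transcript, summary FROM notes WHERE id = ?", (note_id,)).fetchone()
    return tuple(keyring.decrypt(cell).decode() for cell in row)

def rotate_all(db, keyring):
    # MultiFernet.rotate() decrypts with any listed key and re-encrypts under the first.
    for note_id, *cells in db.execute("SELECT id, transcript, summary FROM notes").fetchall():
        db.execute("UPDATE notes SET transcript = ?, summary = ? WHERE id = ?",
                   (*[keyring.rotate(c) for c in cells], note_id))

def demo():
    # Keys are generated here for the demo; a real deployment loads them from
    # a store that is separate from the database (assumption).
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    db = make_db()
    note_id = insert_note(db, MultiFernet([Fernet(old_key)]),
                          "constructed transcript", "constructed summary")
    # What someone holding only the database would read.
    raw = db.execute("SELECT transcript FROM notes WHERE id = ?", (note_id,)).fetchone()[0]
    # Rotation: new key first, old key kept only long enough to re-encrypt.
    rotate_all(db, MultiFernet([Fernet(new_key), Fernet(old_key)]))
    plain = read_note(db, MultiFernet([Fernet(new_key)]), note_id)
    try:
        read_note(db, MultiFernet([Fernet(old_key)]), note_id)
        old_key_still_works = True
    except InvalidToken:
        old_key_still_works = False
    return raw, plain, old_key_still_works

if __name__ == "__main__":
    print(demo())
```

After `rotate_all`, the retired key no longer decrypts any stored field, which is what makes rotation meaningful once a key is suspected of exposure.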
TRAINING · NEVER
3. your material trains no one.
The AI that listens to your sessions is Gemini, on Google Cloud Vertex AI, contracted under the enterprise no-training tier. Neither the audio, nor the transcript, nor the clinical drafts are used to train public models. Neither Google’s. Nor ours.
Processing is ephemeral: the AI reads, writes the draft, and forgets.
- Vertex AI with explicit no-training flag
- Ephemeral processing, no retention by the provider
- Contractually binding DPA with Google Cloud
- Zero use of your material to improve base models
ACCESS · TWO-FACTOR
4. getting into your practice takes more than a password.
nexmin supports standard two-factor authentication (TOTP), compatible with any authenticator app you already have installed — Google Authenticator, 1Password, Authy, Microsoft Authenticator.
The organization admin turns it on for themselves; each therapist enables it whenever they want from their profile. A sound habit, especially after an incident with your previous provider.
- Standard TOTP 2FA (RFC 6238)
- Secret encrypted at rest, decrypted only at the moment of verification
- Rate-limiting against brute-force attempts
- Compatible with any TOTP authenticator app
TRUST LOOP · YOUR SIGNATURE OVER EVERYTHING THE AI PROPOSES
5. no draft is saved without your approval.
This is the central doctrinal decision of nexmin: the AI proposes, you decide. Every draft generated by the engines — Scriba synthesis, Holter cartography, vocal phenotype, Pensa, first-session extraction — reaches your screen as an editable proposal. Until you approve, nothing cements into the consultant’s record.
And if you later unlock a closed note to review it, everything becomes editable again. Your human signature is always the canonical version.
- Every AI engine passes through in-line validation before cementing
- Granular edit of each field before approving
- Closed notes can be reopened to correct
- The human version is the canonical one for everything downstream
TRACEABILITY · WHO ACCESSED WHAT
6. auditable access on request.
Every access to clinical information is recorded in immutable logs. If at any point you need to know who consulted what and when (because the consultant requested it, because of an incident, or for an external audit), we provide the extract.
- Immutable logs of every access to clinical information
- Every AI call is recorded internally with its cost and responsible party
- Access extract available on request
RETENTION · YOU DECIDE HOW MUCH TO KEEP
7. three modes. you pick the one that respects your ethical frame.
nexmin does not decide for you. The audio retention policy is configured per organization or per individual consultant, depending on the context.
- Ghost mode — the session is not recorded; after the session you record a brief summary audio, nexmin works on that, nothing of the audio remains
- Standard mode — the session is recorded so the AI can listen, after the analysis the audio is deleted, the note remains
- Retention mode — the session is recorded, analysed, and the audio is kept in case you later need to review a moment, re-analyse with a new protocol, or attend to a request
COMPLIANCE · EUROPEAN LAW AS THE BASELINE
8. gdpr, lopdgdd, spanish patient autonomy act, eu ai act.
nexmin was born in Europe, with European regulation as the baseline of the architecture, not a checkbox at the end. As a practising psychologist, you receive all compliance out of the box, and a template for informed consent for AI recording already integrated into the platform, ready to hand to the consultant.
- GDPR + Spanish LOPDGDD compliance
- Spanish Patient Autonomy Act (Ley 41/2002 — patient autonomy and clinical documentation)
- EU AI Act (Regulation 2024/1689) — applicable to AI in healthcare
- Informed consent template for AI recording, integrated in the platform
- DPA signable on request
- Right to full data export at any time
NEED ANYTHING ELSE?
if you have questions about any technical point, write to us.
To request the signed DPA or go deeper into any specific architectural detail, write to hola@nexmin.ai.
The complete privacy policy, with the legal detail of data processing, lives at /privacidad.