When you open mentalhealthGPT in your browser, a security process specially developed for sensitive therapeutic work begins in the background. A temporary key pair is created for your session - two perfectly matching key halves.

One half remains securely on our platform, the other is only transmitted to your browser for the duration of the session. After the session, both parts are automatically deleted. Each session receives a completely new pair.

As soon as you send a message or upload a file, your browser encrypts the content with its half of the key before it leaves your device. Your data is therefore encrypted first - and only then transmitted. You will only reach us in this protected form.

Our system can only decrypt the content because it has the exact second half of the key. The two parts are never stored together, never reused and never stored outside their respective environments.

For you, mentalhealthGPT looks like a familiar chat window. But in the background, a precise, short-lived key mechanism ensures that your data is protected from the very first moment - long before the actual processing begins.

Before mentalhealthGPT even works with your input, a second central protection step takes place: complete anonymization.

This applies to texts, but also to audio and video recordings. When you upload a recording, it is first encrypted like any text and then transcribed in a protected, short-lived working memory of our AI. This area functions like a briefly opened temporary therapy room: secure, access-restricted and without any storage.
The raw transcript is not used, but is immediately anonymized in the working memory.

For example, "Ms. Anna Müller reported..." becomes
"Patient X92 reported...",

and "in the meeting with Dr. Schneider" becomes
"in the meeting with GTR7U."

At the same time, a separate, encrypted assignment table (Ms. Anna Müller - patient X92) is created for this session, which is assigned exclusively to your personal account and the action. It only contains which real personal data belongs to which anonymous name - and is technically completely separate from the anonymized transcript. Both parts can only be merged by you.
As soon as the anonymization is complete, the original audio or video file is deleted immediately, as is the non-anonymized raw transcript.

This means that the AI never sees real people - and you can still continue working with your real patient data.

After the AI has processed the anonymized content, the response makes its way back to you via the same secure route.

It travels encrypted, like in a sealed envelope that is only opened in your browser. There it is automatically converted into the form you need in your everyday therapeutic work: personalized again and assigned to the case you are working on.

This re-personalization only takes place in a separate processing step on our platform. The corresponding assignment entries are managed separately for each case and each session, so that histories with multiple transcripts, sessions and notes can be precisely reassembled - like different chapters of a carefully managed patient file.

This seamlessly creates a complete, familiar case view for you, without the AI recognizing a real person at any time.

And this is precisely where another advantage arises: if you want to discuss content in a team, in supervision or in training, re-personalization can be stopped in a single step. The case then automatically appears in the anonymized form - technically precise, complete, but without a single identifying detail.

This preserves your personal case view while giving you the freedom to share cases safely, responsibly and without additional effort.

Once your work with a case is complete, the data is stored in two strictly separate areas: the anonymized content on one side and the encrypted mapping table (Dr. Schneider - GTR7U) on the other. The case information does not contain any identifying details; the allocation tables are kept technically isolated and encrypted and are never stored together with the content.

Both are located exclusively in Switzerland, within an infrastructure that is operated in accordance with recognized security standards. When accessed later, the separate components are merged again based on your personal authorizations and delivered to your browser in encrypted form without being saved.

This creates a clear, traceable and permanently protected form of digital case management - with a structure that is designed from the outset to strictly separate identity and content and to manage them reliably.

mentalhealthGPT is designed to fit seamlessly into the legal and organizational requirements of various healthcare systems - in Switzerland, Europe and the USA. The entire platform consistently follows the requirements of the Swiss Data Protection Act (DSG), the European General Data Protection Regulation (GDPR) and the technical and organizational requirements resulting from the HIPAA guidelines for health data in the United States.

The separation of identity and content, controlled access via individual authorizations, exclusive storage in Switzerland and end-to-end encryption create a level of security that meets the strictest international standards. This makes mentalhealthGPT suitable not only for individual practices and group practices, but also for clinics, hospitals and institutions that operate in different jurisdictions or maintain international cooperation.

The result is a solution that is both locally anchored and internationally compatible - with a security approach that goes far beyond what conventional AI systems can achieve.