Security
Built for practical clinic trust.
Business Command Centre uses conservative defaults for the AI Front Desk pilot: tenant isolation, staff approval, protected sessions, and verified integrations.
Tenant isolation
Customer, booking, conversation, and reporting data is scoped to the authenticated clinic tenant.
Role-based access
Staff roles restrict sensitive workflows, while Super Admin tools are kept in a separate console.
Webhook verification
Messaging and payment webhook handlers are designed to verify provider signatures before processing events.
Approval-first AI
The pilot starts with staff-reviewed drafts, reducing the risk of incorrect or unwanted automated messages.
Pilot boundaries
Business Command Centre is non-clinical infrastructure. Your PMS remains the system of record for any patient health information. We do not market the pilot as HIPAA, BAA, or PHIPA compliant, and the pilot is not an EMR, diagnosis system, treatment recommendation tool, or regulated clinical decision-support product.
Security and compliance needs vary by clinic, region, connected channel, and customer workflow. Clinics should review their own legal, privacy, consent, and retention obligations before sending customer data through any connected system.