Learn how PR-TOP protects your clients' most sensitive data with industry-leading security measures.
PR-TOP supports four configurable AI providers. The active provider is selected by the platform operator via environment variables — therapists do not choose the provider directly.
The operator configures the deployment with one or more providers. Ask the platform operator which provider is currently active.
Only the minimum data required to complete each AI task is sent. No client names, Telegram IDs, email addresses, or other personally identifying fields are ever included in AI API calls.
AI is invoked for the following discrete, therapist-initiated tasks only:
Data submitted to AI providers via REST API is processed transiently. Under standard API terms, providers do not store it in a persistent database:
None of the above providers are based in the EU. If EU data residency for AI processing is a hard requirement, discuss provider configuration with the platform operator.
Each AI provider publishes a DPA or equivalent policy that covers how API data is handled:
If your practice requires a signed DPA directly between your clinic and each AI provider, verify with the platform operator which providers have been contracted and which DPAs have been countersigned.
Under standard API terms, AI providers do not retain submitted data beyond what is needed to complete the request:
Provider policies may change. Review the latest version of each provider's DPA before making contractual commitments to clients.
PR-TOP does not currently offer a global 'AI off' account toggle. AI features are opt-in at the task level — nothing is sent to an AI provider unless the therapist explicitly triggers a task:
If your practice requires that no client data ever reaches an external AI provider, ask the platform operator to configure the deployment without AI provider API keys. In that configuration, transcription and AI summaries are unavailable; all other features (diary, sessions, exercises, SOS alerts) continue to function normally.