Health & Therapy Data
- Executive Summary
- Working Knowledge
- Technical Spec
This is the most legally sensitive and commercially important section of Layer A. ReGenesis will handle deeply personal, emotional, and mental health-adjacent content. This is not a bug — it is the core of the platform's value proposition. Executive coaching at its most effective touches on fear, anxiety, imposter syndrome, relationship dynamics, burnout, grief, anger, and other content that sits in the territory between professional development and therapy. Sasha's ability to recognize, analyze, and generate insights about these patterns is what makes ReGenesis transformational rather than transactional.
Under GDPR, this content constitutes special category data (Article 9) — data concerning health, which requires explicit consent and enhanced protections. Under US law, while HIPAA does not currently apply to executive coaching, the CCPA's "sensitive personal information" category does, and future regulatory evolution may bring coaching platforms under health data regulations. The strategy is to build HIPAA-ready architecture now, so that when the regulatory landscape catches up to the reality of what AI coaching platforms handle, ReGenesis is already compliant.
The legal framing used during this transitional period is precise: "coaching with deep personal development support." ReGenesis is not a therapy platform. It does not provide clinical services. But the content the platform processes may be equivalent in sensitivity to therapeutic content, and it is protected accordingly. This honest, forward-looking approach builds trust with regulators, clients, and users — and positions us for a future where the line between coaching and therapy becomes a deliberate, regulated expansion pathway.
Why This Content Exists in the Platform
Professional coaching, especially at the executive level, routinely involves:
| Content Type | Examples | Frequency |
|---|---|---|
| Emotional self-disclosure | "I'm terrified of this board meeting" | Every session |
| Anxiety and stress | "I haven't slept properly in weeks" | Very common |
| Relationship dynamics | "My relationship with my co-founder is breaking down" | Common |
| Imposter syndrome | "I feel like I don't deserve this role" | Common |
| Burnout | "I have nothing left — I'm running on empty" | Common |
| Grief and loss | "My mentor passed away and I'm struggling" | Occasional |
| Mental health references | "My therapist said..." or "I've been taking medication for..." | Occasional |
| Trauma responses | "This reminds me of what happened at my last company..." | Occasional |
| Family/personal life spillover | "My divorce is affecting my concentration" | Occasional |
| Substance use | "I've been drinking more than I should" | Rare but critical |
| Suicidal ideation | "Sometimes I wonder if it's all worth it" | Rare but critical |
Stripping this content from the platform would eliminate the value of ReGenesis. A coaching platform that only handles professional goals and action items is a glorified to-do list. The deep personal content is where transformation happens — and where Sasha's AI insights are most valuable.
Legal Classification
GDPR Special Category Data (Article 9)
Under GDPR, "data concerning health" is a special category that requires enhanced protections:
- Default: Processing prohibited
- Exception (Art. 9(2)(a)): Explicit consent of the data subject
- What counts as health data: GDPR defines this broadly — "data related to the physical or mental health of a natural person, including the provision of health care services"
- ReGenesis position: Emotional and mental health content discussed in coaching sessions falls within this broad definition. The platform treats it as special category data and requires explicit consent.
HIPAA (US — Future Readiness)
HIPAA (Health Insurance Portability and Accountability Act) currently applies to:
- Covered entities (healthcare providers, health plans, clearinghouses)
- Business associates of covered entities
ReGenesis is currently NOT a covered entity — it is a coaching platform, not a healthcare provider. However:
- If ReGenesis ever partners with therapy providers or employee assistance programs (EAPs), HIPAA may apply
- If regulatory definitions expand to include AI platforms that process health-adjacent content, ReGenesis needs to be ready
- Building to HIPAA-ready standards now is far cheaper than retrofitting later
CCPA/CPRA Sensitive Personal Information
Under California law, "sensitive personal information" includes health data and requires:
- Right to limit processing
- Enhanced consumer rights
- Special opt-out provisions
The Sensitive Data Vault
All content flagged as sensitive (health, emotional, mental health) receives enhanced protections through the Sensitive Data Vault:
Sensitive Data Vault vs. Standard Storage
| Feature | Standard Storage | Sensitive Data Vault |
|---|---|---|
| Encryption at rest | AES-256 (database-level) | AES-256 + field-level encryption |
| Encryption in transit | TLS 1.3 | TLS 1.3 + pinned certificates |
| Access control | RBAC (4-tier visibility) | RBAC + explicit consent check per access |
| Audit logging | Standard audit log | Enhanced logging: every read/write/query |
| Retention | Client-configured default | Shorter retention option; explicit renewal |
| Admin access | Aggregated only | Never — even break-glass requires DPO + legal |
| Sasha processing | Standard permissions | Requires explicit "sensitive processing" consent |
| Export | Standard DSR export | Separate sensitive data export with additional verification |
| Deletion | Standard deletion pipeline | Priority deletion with enhanced certificate |
Keyword and Pattern Flagging
The platform automatically detects potentially sensitive content using a multi-layered approach:
Detection Layers
| Layer | Method | Sensitivity | False Positive Rate |
|---|---|---|---|
| Keyword matching | Dictionary of health/therapy terms | High (catches obvious terms) | Medium |
| Semantic analysis | NLP model trained on sensitive content patterns | Very High | Low |
| Context classification | Sasha analyzes surrounding context | Very High | Very Low |
| Coach flagging | Coach manually flags content as sensitive | Perfect (human judgment) | Zero |
Example Keyword Categories
| Category | Example Terms/Phrases | Action |
|---|---|---|
| Mental health conditions | depression, anxiety, PTSD, bipolar, OCD | Auto-flag + consent check |
| Therapy references | therapist, counselor, psychologist, medication, prescription | Auto-flag + consent check |
| Emotional distress | suicidal, self-harm, can't go on, want to end it | Immediate escalation protocol |
| Substance use | drinking problem, drug use, addiction, rehab | Auto-flag + consent check |
| Physical health | diagnosis, surgery, chronic illness, disability | Auto-flag + consent check |
| Burnout indicators | exhausted, can't cope, breaking point, nothing left | Flag for coach attention |
| Relationship distress | divorce, separation, domestic violence, abuse | Auto-flag + consent check |
If the platform detects content indicating imminent risk of harm to self or others (e.g., suicidal ideation, intent to harm), a separate crisis escalation protocol activates:
- Coach is immediately alerted (in-app + email + SMS)
- Platform displays crisis resources to the coachee (hotline numbers, emergency contacts)
- If coach is unavailable within 15 minutes, designated safety officer is alerted
- Incident is logged as a high-severity safety event
- Post-incident review within 24 hours
This protocol operates independently of consent — safety overrides privacy in life-threatening situations.
Legal Framing: "Coaching with Deep Personal Development Support"
Until the regulatory landscape clarifies the boundary between coaching and therapy in the AI context, ReGenesis uses precise legal framing:
What ReGenesis says it is:
- "An AI-powered coaching platform for professional and personal development"
- "Coaching with deep personal development support"
- "A platform that honors the whole person in their professional journey"
What ReGenesis explicitly is NOT:
- Not a therapy or counseling service
- Not a clinical mental health tool
- Not a medical device
- Not a diagnostic tool
What ReGenesis acknowledges:
- Content processed may include health-adjacent information
- This content receives special category protections regardless of legal classification
- Users should seek professional clinical support when needed (platform provides referral resources)
- The platform builds to the highest protection standard (GDPR special category + HIPAA-ready) regardless of current legal requirement
Future Therapy Market Migration
The long-term vision includes a regulated expansion pathway:
- Current: Coaching platform with deep personal development support
- Near-term: Partnerships with licensed therapists/EAPs for referral pathways
- Medium-term: "Regulated data mode" that activates full HIPAA/clinical compliance
- Long-term: Licensed digital therapy offering (subject to regulatory approval and clinical partnerships)
This migration path is why ReGenesis builds to HIPAA-ready standards now — the architecture should not change, only the regulatory registration and clinical oversight.
This page describes the content that makes ReGenesis valuable — and the content that creates the most legal and ethical risk. Every person involved in building, selling, and operating this platform must understand: ReGenesis handles deeply sensitive personal content, protects it with the highest available standards, and never treats it casually. The day the organization loses respect for the sensitivity of this data is the day it loses the trust that makes the platform possible.