Safe, bounded, and built for children's care.
SpeechOak is a closed, clinician-directed tool. Children never chat freely with AI. Families never select treatment. Every piece of child data is handled like protected health information — collected minimally, encrypted, and logged.
Children do not talk to a chatbot. There is no open-ended AI on the child side of the platform.
SLPs assign every activity. Parents and children cannot pick a clinical treatment path on their own.
Child data is treated as health information: collected minimally, encrypted in transit and at rest, fully audit-logged.
SpeechOak never contacts a child or parent directly. All family-facing communication routes through the SLP.
How the AI is bounded.
The AI assists the clinician — it does not interact with children directly. There is no chat window for child users, no free-form prompt box, and no open-ended conversation. The model only runs against SLP-authored content and clinical templates, and every output is reviewed and edited by the SLP before it reaches a family.
We do not use your clients' information to train or improve AI models. See also "You make the call" in our Trust Center.
Who controls treatment.
Only credentialed SLPs assign activities, set goals, and make progress decisions. Parent and child accounts can view what has been assigned and the results the SLP has approved — they cannot create, change, or escalate a clinical plan. This boundary exists in the software itself, not just in policy.
What we collect — and what we don't.
| Collected | Not collected |
|---|---|
| SLP-entered session tallies and observations | Unprompted audio or video from a child |
| Draft and approved progress notes | Biometric identifiers (face, voiceprint) |
| Client identifiers needed to deliver service | Device location or movement data |
| Assignment progress and approved summaries | Advertising or behavioral-profile data |
| Audit records of every edit and approval | Anything used to train external AI models |
HIPAA-aware handling.
- BAAs in place with our hosting provider (AWS) and AI provider (Anthropic).
- PHI minimization. We collect only the fields needed to draft and store a note.
- Authenticated access only. Client information is never viewable without a verified, logged-in SLP session.
- Family summaries route through the SLP. SpeechOak does not send anything to a family on its own.
- Configurable retention. Practices set how long records are kept; verified deletion requests are honored.
Child privacy protections.
- No child-to-AI contact. There is no chat, prompt box, or open-ended generation surface exposed to a child user.
- No third-party ad tech. No advertising SDKs, no behavioral profiling, no resale of any data.
- Parental visibility through the SLP. Parents see what their clinician has approved for them to see.
- Deletion on request. A parent or practice can request deletion of a child's records; we verify and confirm.
Roles & access.
Every account has a role. The role decides what is visible — there is no shared view of the platform.
| Role | What they can see & do |
|---|---|
| SLP (clinician) | Their own caseload only — sessions, draft notes, assignments. No access to other clinicians' clients. |
| Parent | Their own child's assigned activities and SLP-approved summaries. View-only; cannot create a clinical plan. |
| Administrator (practice / school) | User management and billing for their organization. No access to clinical content unless an SLP explicitly grants it. |
| SpeechOak staff | No routine access to client data. Any break-glass access (e.g., engineering support) is logged and the practice is notified. |
Publisher & IP safeguards.
Assessment workflows (such as TILLS) involve publisher-protected stimuli, manuals, and norm tables. SpeechOak treats this material as restricted intellectual property:
- Gated by license. Access to assessment surfaces requires that the examiner holds a current license to the instrument.
- No public exposure. Stimuli, manuals, and norm tables are never rendered on public or unauthenticated pages.
- Stored in restricted form. Raw items are not stored in user-readable form; the platform stores responses, derived scores, and clinician interpretation.
- No AI training. Assessment content is not used to train or fine-tune any AI model.
Technical summary.
- Encryption. TLS 1.2+ in transit; AES-256 at rest in AWS-managed stores.
- Hosting. AWS (US region), App Runner for application compute, managed Postgres for persistence. BAA in place.
- AI sub-processor. Anthropic, configured so customer data is not used to train models. BAA in place.
- Audit logs. Every draft, edit, approval, sign-in, and administrative action is recorded with actor, timestamp, and target record.
- Access control. Email magic-link authentication, role-based authorization on the server, least-privilege defaults; administrative actions require an explicit admin role.
- Data minimization & retention. Only fields required to draft and store a note are collected; retention is configurable per practice; verified deletion requests are honored end-to-end.
- Sub-processors. AWS, Anthropic, and a transactional email provider. The full, current list is available on request.
- Reporting. Security disclosures, privacy questions, and compliance packets all go to trust@speechoak.com.
Need a deeper review?
We'll send a security packet, walk a compliance reviewer through the platform, or answer a single question from a worried parent. Reach out any time.
- Privacy & security: trust@speechoak.com
- Schools & clinics: pilots@speechoak.com
- Security packet: Available on request
- Last review: April 2026