A safeguard implemented and operated within the Norwyn service.
Security, privacy, and architecture
Trust needs a visible operating model.
This page separates Norwyn platform controls, customer-configured settings, shared production responsibilities, and commitments that must be made in writing.
Read every control in the right context.
A platform safeguard, a configured setting, a customer responsibility, and a contractual promise are different things.
A privacy, retention, event, or agent option that must be explicitly configured.
A policy, approval, system, or response path that remains under the healthcare organization’s control.
A promise that belongs in the signed order form, DPA, or security schedule.
Architecture
One call, four responsibility zones.
Norwyn coordinates the approved voice workflow, integrations, reporting, and operational controls while keeping each system boundary visible.
Caller
Calls the healthcare organization’s number and receives the approved AI and recording disclosure.
Voice processing
Handles telephony, real-time voice interaction, agent execution, and configured call artifacts.
Norwyn layer
Applies approved workflows, manages configuration, verifies events, and presents operational outcomes.
Healthcare systems
Receive permitted appointment actions, handoffs, reports, or connected-system updates.
The exact hosting regions, processing locations, telecommunications routes, integrations, and transfer paths are recorded for each production deployment.
Privacy
Know what can move through the system.
Call content can reveal sensitive personal information even when the workflow is administrative. Inventory and minimization happen before configuration.
Call media
Audio and recording artifacts when recording is enabled.
Conversation content
Transcripts, summaries, knowledge retrieval, and approved dynamic context.
Operational records
Phone identifiers, timestamps, duration, routing, outcome, and analysis fields.
Action data
Appointment details or connected-system results required by the approved workflow.
Retention
No production agent without a retention decision.
Every deployment needs a written schedule for recordings, transcripts, summaries, metadata, connected-system records, deletion, and legal exceptions.
Enable only where the approved call purpose and notice require them.
Keep only the information required for the agreed operational outcome.
Purpose, data categories, period, deletion path, export needs, and legal exceptions.
Downstream copies follow their own access, retention, and deletion requirements.
Access and safeguards
Controls are a chain, not a badge.
Each item below needs evidence in the Norwyn environment, customer configuration, connected systems, or contract before it can be treated as complete.
Credentials
API credentials stay on trusted server-side systems, are scoped by environment, and require a documented rotation and revocation process.
Production requirementAccess
Workspace roles, unique accounts, least privilege, review cadence, and restrictions on raw transcript or recording access.
Platform control + customer responsibilityEvent integrity
Connected events must be authenticated, invalid requests rejected, and retries handled without duplicating actions.
Platform controlMinimization
Collect only the fields needed for the approved administrative journey. Avoid clinical details when a scheduling outcome requires less.
Production requirementRetention
Select a documented retention period and privacy mode before activation. Deletion and legal-hold exceptions belong in the retention schedule.
Deployment setting + contractualResponse
Incident ownership, evidence preservation, containment, customer notice, and recovery steps must be assigned and tested.
Production requirement + contractualResponse and continuity
Design the exception path before launch.
Call safety
Emergency and clinical-risk language follows a customer-approved message and immediate human or emergency-services path.
Service failure
Define telecommunications, platform, integration, and internal fallback behavior, plus who monitors and communicates an interruption.
Security event
Assign intake, triage, containment, evidence, customer notification, regulatory analysis, recovery, and post-incident review.
Responsible disclosure
A dedicated security contact, safe-harbor language, severity method, and response expectations must be published before production.
Security review
Bring your questionnaire and one real call flow.
We will map the data, systems, roles, retention, access, and handoffs that your deployment actually needs.
