Security & trust

Trust is the product. Everything else is built on it.

A wellbeing platform only works if employees tell it the truth — and employees only tell the truth to systems that provably can't betray them. That's why privacy isn't a compliance checkbox here. It's the architecture.

Identity, HRIS, integrations and compliance panels
  • ISO 27001
  • SOC 2 Type II
  • DPDP compliant
  • Data residency in India
  • End-to-end encrypted sessions

The questions people don't ask out loud

The employee who wants therapy — and worries it will somehow reach her manager.

The engineer who read the entire privacy policy before his first check-in. Every word.

The CISO who has watched “compliant” mean nothing, twice.

The wellbeing rollout that stalled on one unanswered question: who sees what?

Privacy isn't our legal section. It's the reason the data is honest — and the reason the product works at all.

For employees

What your employer can see: patterns. What they can't: you.

Patterns, never people

Organisations receive anonymised, aggregated signals only — mood trends by department, cohort-level risk indicators, engagement rates. No names, no individual scores, no session content. Ever.

Minimum cohort thresholds

Reports exclude any group too small to guarantee anonymity. A department with fewer than the threshold number of respondents is locked out of dashboards entirely, so nobody can be identified by elimination.

End-to-end encrypted care

Therapy sessions, Milo conversations, check-ins, and assessments are encrypted in transit and at rest. Clinical records live in clinical systems — separated from anything an employer can query.

Consent before crisis

Every employee learns exactly what their employer can and cannot see at onboarding — before any difficult moment arrives. Trust is built in advance, not requested in a crisis.

For security teams

Certified, not "aligned."

  • ISO 27001 certified information security management
  • SOC 2 Type II certified controls
  • DPDP Act 2023 compliant data handling
  • Data residency in India
  • SSO via Google, Microsoft Azure, Okta, and SAML — no password sprawl
  • Role-based access controls and audit logging
  • APIs and webhooks with scoped, revocable tokens

For procurement

Evaluation without the runaround.

  • Security documentation pack available under NDA during evaluation
  • Data Processing Agreement aligned to DPDP requirements
  • Sub-processor list and data-flow diagrams on request
  • Vendor security questionnaires (SIG, CAIQ, custom) answered within one week
  • Named security contact — not a shared inbox

Privacy you can see

The dashboard enforces the promise.

This isn't a policy document — it's product behaviour. Cohorts below the anonymity threshold are locked in the interface itself, aggregate views are the only views, and clinical content simply doesn't exist in the employer system. Read how the intelligence layer works on the organisational intelligence page.

The Aha HR dashboard showing aggregate department signals only
