Compliance & Liability

Built for the 2 a.m. call
and the 2 p.m. deposition.

AfterHours Ally's compliance posture isn't a feature — it's the architecture. Consent gates, immutable logs, and a conservative AI policy ship on day one, before your first owner interaction.

Compliance Pillars

A2P / TCPA: Built-in

Compliant SMS and consent by default

All outbound SMS — including on-call DVM alerts and owner notifications — routes through an A2P-registered campaign. Opt-in consent is captured, versioned, and stored before any message is sent. The consent record travels with every audit event.

Disclaimer Gate: Required

Board-reviewed disclaimer before every session

A customizable legal disclaimer is presented and must be acknowledged before the first triage question. The acknowledged version identifier, timestamp, and IP hash are stored immutably. Owners cannot proceed without explicit acknowledgement.

AI Policy: Policy

Conservative AI — suggestions only

If optional AI pre-classification is enabled, the model output is advisory only. The deterministic rule engine makes all urgency decisions. Model weights and red-flag flags are never sent to the AI. All AI calls are server-side only — never from the client.

Audit Trail: Immutable

Immutable, append-only interaction logs

Every triage session writes to an append-only log. No record can be edited or deleted after creation. Logs include consent version, IP hash, urgency score, protocol version, escalation decision, and DVM acknowledgement timestamp.

Data Retention: Automated

Configurable retention with automatic purge

Interaction records are retained for 24 months by default (configurable per clinic). A nightly job enforces the retention window and purges expired records in compliance with your documented data policy. Purge events are themselves logged.

Access Control: Enforced

Clinic-scoped data, zero cross-contamination

Each clinic's data is isolated by clinic ID at the query level. Dashboard access requires an authenticated Supabase session tied to the clinic. There is no super-admin view into patient interactions — even AfterHours Ally staff cannot read your records.

Security Posture

Control: Status
A2P 10DLC Registration: Platform-wide
TCPA Consent Storage: Per-session
TLS 1.3 in transit: Always
Data at rest — AES-256: Always
Append-only audit log: Always
Automated data purge: Nightly cron
Rate limiting — triage API: Active
IP hash — never plain IP: Always

Liability Questions

Does AfterHours Ally practice veterinary medicine?

No. The product provides structured triage guidance, not diagnosis or treatment. Every output is framed as guidance to seek appropriate care. The disclaimer, displayed before every session, makes this explicit and must be acknowledged before any guidance is delivered.

Who is responsible for the triage protocol content?

Your clinic's DVMs review, edit, and approve the protocol content before go-live. AfterHours Ally provides a default set aligned with common small-animal presentations, but your team owns the clinical judgment. Published protocols carry a timestamp and author record.

Can an owner sue the clinic if they followed the guidance?

No software eliminates legal risk. However, AfterHours Ally's design — explicit consent with versioned disclaimer, deterministic (not AI) urgency scoring, conservative fail-open escalation policy, and immutable interaction logs — is built to support your liability defense, not undermine it. We recommend reviewing the audit posture with your liability carrier.

What happens if a critical case comes in and the system fails?

AfterHours Ally is configured with a 24/7 failover page that displays your ER partner contacts and phone numbers. If the service is unreachable, owners reach a static HTML page with emergency routing. The system is designed to fail safe, not fail closed.

Questions about our compliance posture?

Reach us at hello@citebundle.com — we'll respond within one business day.