Skip to content
Data ProtectionBy design

Data Minimisation & Zero-PII Analytics

Desha.ai is built on data minimisation. Directly identifying information is segregated from health data, tokenised wherever possible, kept out of logs and analytics, and never used to train third-party models. We call this our Zero-PII principle: the analytics, monitoring and model layers operate on de-identified data.

Request documentation Last reviewed June 2026
DESHA.AI Trust Center

Zero-PII Storage

Data Minimisation & Zero-PII Analytics
Status: By design
Jurisdiction: Platform-wide
Reviewed: June 2026

At a glance

Principle
Collect the minimum; separate identity from health data
Analytics & logs
De-identified, no PII
Identifiers
Tokenised / pseudonymised
Model training
No identifiable patient data used

What “Zero-PII” means here

Some personal data is necessary to deliver care reminders and records, that data is processed under the consent and lawful bases described in our GDPR and HIPAA statements. “Zero-PII” describes the layers where identifying data is deliberately excluded: product analytics, operational logs, telemetry, and any model-improvement workflow operate on pseudonymised or aggregated data only.

How we minimise exposure

  • Identity data is stored separately from health data and linked by tokens, not by name.
  • Logs, metrics and crash reports are scrubbed of personal identifiers.
  • Analytics use pseudonymous IDs and aggregates; no raw PII leaves the secure data plane.
  • Retention is purpose-limited, with deletion on account closure and consent withdrawal.

AI & model use

Identifiable patient data is never used to train third-party foundation models. Where AI features process content to deliver the service, that happens inside our access-controlled environment, governed by consent and our processor terms.

Documentation available on request

  • Data-minimisation & pseudonymisation overview
  • Logging / telemetry redaction summary
  • Data-retention schedule summary

Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.

This page summarises Desha.ai’s posture for due-diligence review and does not disclose internal systems or security-sensitive detail. It is informational and not a warranty or legal advice. For contractual terms request our DPA / BAA at contactus@desha.ai.