Data Protection Statement
Last updated: February 2026
1. Data Anonymization Strategy
All patient data in Lambent Synapse is stored under pseudonyms. The system does not require or store real patient names, addresses, or government IDs. Therapists assign pseudonyms at patient creation. Uploaded audio/text files are stored with UUID-based paths containing no personally identifiable information (PII).
2. Storage Architecture
- Database: PostgreSQL with encryption at rest. Hosted on secured cloud infrastructure.
- Object Storage: Patient uploads stored in S3-compatible object storage with access-controlled, non-guessable paths.
- API Keys: Only SHA-256 hashes of API keys are persisted. The raw key is ephemeral: it is shown to the developer once, at creation, and is never stored.
- Passwords: bcrypt-hashed with a cost factor (salt rounds) of 10.
3. Access Control Model
| Role | Can Access | Cannot Access |
|---|---|---|
| Therapist | Own patients, own sessions, audit logs | Other therapists' data, student data |
| Educator | Own classes, assignments, student submissions | Patient data, API data |
| Student | Own assignments, own submissions | Other students' data, clinical data |
| Developer | Own API keys, usage logs | Patient data, student data |
4. Audit Trail
All sensitive operations are logged in an append-only audit table:
- User login/registration
- Patient creation and data upload
- Assessment generation and PDF export
- API key creation and revocation
- Class creation and student enrollment
Each audit entry records the acting user ID, the action performed, the resource type and resource ID, the client IP address, and a timestamp.
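As an added illustration of the API-key handling described in section 2 and the audit entries described in section 4, the following Python sketch was written for this statement and is not Lambent's own implementation; it assumes in-memory stand-ins for the database tables, an "lsk_" key prefix, audit action names such as "api_key.create", and the first eight hex characters of the key hash as the audited resource ID.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Constructed in-memory stand-ins for the PostgreSQL tables (assumption).
API_KEYS: dict = {}   # sha256 hex digest -> {"developer_id": ..., "revoked": bool}
AUDIT_LOG: list = []  # append-only: the only operation offered is append

def key_hash(raw_key: str) -> str:
    """Return the SHA-256 hex digest, the only form of the key that is persisted."""
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()

def audit(user_id: str, action: str, resource_type: str, resource_id: str, ip: str) -> None:
    """Append one audit entry carrying the fields listed in section 4."""
    AUDIT_LOG.append({
        "user_id": user_id,
        "action": action,
        "resource_type": resource_type,
        "resource_id": resource_id,
        "ip": ip,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    })

def issue_api_key(developer_id: str, ip: str) -> str:
    """Create a key, persist only its hash, audit the creation, return the raw key once."""
    raw_key = "lsk_" + secrets.token_urlsafe(32)  # "lsk_" prefix is an assumed convention
    digest = key_hash(raw_key)
    API_KEYS[digest] = {"developer_id": developer_id, "revoked": False}
    audit(developer_id, "api_key.create", "api_key", digest[:8], ip)  # hash prefix as ID (assumed)
    return raw_key  # shown to the developer once; never written anywhere

def authenticate(raw_key: str):
    """Return the owning developer ID for a live key, or None; compare digests in constant time."""
    digest = key_hash(raw_key)
    for stored_digest, record in API_KEYS.items():
        if hmac.compare_digest(stored_digest, digest) and not record["revoked"]:
            return record["developer_id"]
    return None

def revoke_api_key(digest: str, developer_id: str, ip: str) -> bool:
    """Revoke by hash (the raw key is never needed again) and audit the revocation."""
    record = API_KEYS.get(digest)
    if record is None or record["developer_id"] != developer_id:
        return False  # developers may only touch their own keys (section 3)
    record["revoked"] = True
    audit(developer_id, "api_key.revoke", "api_key", digest[:8], ip)
    return True
```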
5. Data Deletion Policy
- Therapists can delete individual patient records and all associated sessions.
- Users can request full account deletion, which cascades to all owned data.
- Audit logs are exempt from user-initiated deletion (retained for compliance).
- API usage logs are anonymized after 90 days.
6. FHIR/HL7 Interoperability
Lambent provides a FHIR R4-compatible stub endpoint at /api/integrations/fhir with documented data mappings for Patient and Observation resources. Full FHIR integration is planned for a future release.
7. Incident Response
In the event of a data breach, LAMB Lab will: (1) investigate within 24 hours, (2) notify affected users within 72 hours, (3) report to relevant data protection authorities as required.
8. Contact
Data Protection Officer: lamblab@cityu.edu.hk
LAMB Lab, City University of Hong Kong