Skip to content
AI governance

Governance you can hold us to.

For an AI rep whose every sentence is a regulated statement, governance cannot live in a policy binder — it has to be a property of the system. This page states that governance the way a compliance or security review needs it: the guarantees the platform makes, the human oversight around them, how data is handled, and who answers when something needs correcting. It describes outcomes deliberately; implementation detail is shared under NDA, not published.

01AI governance

The guarantees

Each of these is a property of the system, not a promise of best effort — and where a guarantee applies to the gated text channels specifically, it says so. Every one of them is stated elsewhere on this site; they are gathered here for review.

Answers come only from your approved corpus.
On the gated text channels there is no general medical model improvising underneath. A zenrep cannot assert anything that isn't in the MLR-approved material you load — your corpus is the ceiling on what it can say. The video avatar is a preview, audited after the fact.
Replies are checked before delivery on the gated text channels.
On web chat and Telegram — the gated text channels, live today — every reply passes the compliance gate before it reaches the clinician: in scope, grounded in an approved passage, fair-balanced, and audit-recorded. Then, and only then, is it delivered.
It refuses rather than guesses.
The gate is fail-closed. When a reply can't be grounded in your approved material, or a question falls outside scope, the zenrep declines, redirects, or routes the question to a human. Refusing correctly is treated as a success, not a failure.
Benefit never travels without risk.
Efficacy statements are automatically paired with the required safety information; a reply cannot send benefit without the balancing risk.
Adverse events route to your pharmacovigilance process.
When an HCP mentions a possible adverse event, the report is flagged, recorded as regulated intake, and routed to your pharmacovigilance process — your team is paged, and the exchange stays on the record. The most recent strengthening of detection shipped after offline validation, with live verification in progress.
Every turn lands on an append-only audit record.
What was asked, what was answered, what the gate decided, and the exact approved passage the answer was anchored to — written to an append-only record with tamper protection, reconstructable any time, and exportable as CSV.
Every deployment is isolated.
Your corpus, your conversations, and your audit record stay inside your tenant. No customer's corpus or audit log crosses into another's deployment.
02AI governance

Human oversight

The system is governed by people — yours.

Your MLR review sits upstream of everything.
Nothing a zenrep can say has not already been cleared: your MLR team reviews and approves the corpus at onboarding, and that approved corpus is the ceiling on every answer after it. Changes to what a zenrep can say ship as corpus and template updates under your approval — never as silent behavioral drift.
People stay in the loop.
Edge cases, out-of-scope questions, and adverse-event reports route to your team — never to an autonomous decision. A zenrep is HCP-facing promotional support; it does not diagnose, recommend treatment, or make medical judgments.
Escalation is a feature, not a failure path.
When a question deserves a human, the zenrep says so and pages your team — and the exchange, including the decision to route it, lands on the same audit record as everything else.
03AI governance

Data handling

Residency and retention are stated once, on the trust page, and carried here unchanged.

Regional residency

Canadian tenants run in ca-central-1 (Montreal); US deployments stand up in-region in us-east-1.

Retention & minimization

We keep the auditable record a regulated channel requires, and no more. Per-jurisdiction retention controls — including reduced free-text retention where the law requires it — are on the roadmap.

04AI governance

Accountability

Every conversation is reconstructable end to end: the question, the answer, the verdict, and the approved source behind it. When a regulator, an MLR reviewer, or your own audit team asks what was said and why, the record answers — any time, exportable as CSV.

05AI governance

What we publish — and what we share under NDA

This page publishes outcomes and guarantees on purpose. How the platform achieves them — the architecture, the providers behind it, and the internal verification detail, including the itemized subprocessor list — is shared with prospective customers under NDA during security and compliance diligence. security@zenreps.com

Put these guarantees in front of your reviewers.

A demo runs against a corpus that looks like yours, with your compliance and security questions front and center — watch the gate decide, and read the record it writes.