Trust and governance

Built for teams that cannot risk independence, privacy, or unsupported claims.

ChatCME is designed for accredited CME/CE providers and health care professional associations that need AI to stay inside approved educational content, produce cited answers, and turn learner questions into governed reporting.

The trust model

Education independence

Your team controls the activity, sources, objectives, disclaimers, configuration, and external reporting boundaries.

Source-grounded answers

Retrieval stays scoped to approved materials and answers cite the relevant source passage, slide, or timestamp.

De-identified reporting

Analytics and funder-facing summaries are aggregated and de-identified. Raw learner transcripts are not a supporter deliverable.

Operational controls

Role-based access, audit history, tenant scoping, retention controls, and export options support enterprise review.

SOC 2 diligence

Independent security review for enterprise buyers.

Erudio Health has received a Security-only SOC 2 Type I report from ConstellationGRC CPA P.C. covering the Services System as of June 12, 2026. The covered system includes ChatCME product workflows and supporting Erudio infrastructure.

The current report addresses Security criteria only. It does not represent a Type II report, HIPAA certification, or a report on Availability, Processing Integrity, Confidentiality, or Privacy criteria.

Security-only Type I report

Erudio Health has received a SOC 2 Type I report covering the suitability of the design of controls relevant to Security as of June 12, 2026.

Report available under NDA

The report is available to prospective and current customers through the diligence process under appropriate confidentiality terms.

Type II follow-up in progress

Erudio Health is pursuing a SOC 2 Type II follow-up on a planned three-month observation path.

Designed around the objections your buyers will raise.

Enterprise CME teams ask whether AI can be governed, audited, integrated, and scaled. Associations ask whether they can launch without a large technical lift while still protecting members, education quality, and funder boundaries.

ChatCME addresses both motions with the same product: scoped retrieval, cited answers, controlled reporting, and launch options that range from QR codes to embedded integrations.

External reporting boundary

Funders get approved summaries, not control.

Supporters and funders may receive de-identified, aggregated insight briefs when the education organization approves them. They do not receive learner-level data, raw transcripts, admin access, prompt control, or editorial rights.

Controls buyers can evaluate

Access and identity

Role-based admin access, least-privilege staff access, and support for enterprise authentication patterns.

Data minimization

Typical launches do not require PHI. Learner analytics can use pseudonymized or de-identified fields.

Encryption and isolation

TLS in transit, encrypted storage, tenant scoping, and per-activity retrieval boundaries.

Exports with context

Exports preserve useful context such as message timing, objective alignment, source use, and activity metadata.

Trust questions

Bring your risk questions to the first demo

We can review your independence, privacy, security, and deployment questions before your team commits to a launch path.

Explore architecture