Trust dossier

Trust, documented.

Every claim on this page maps to a control in code, a contract artifact in motion, or a regulatory position we deliberately do not assert. Maintained continuously, not at launch.

01 Intended use

Reporting assistance

02 AI changes

Human-approved

03 Report storage

Not server-archived

04 Processing region

EU-first

Doc: REV-TRUST / 2026-Q2
Version: v1.4
Reviewed: 11 May 2026
Scope: Revelar V1 reporting workspace
Owner: Founder, privacy lead

Current position

Where Revelar stands today

Live safeguards in production, contract terms customers should expect, and claims that wait until the underlying evidence is in place.

Product boundary

V1 is positioned as reporting assistance: dictation, formatting, proofreading, rewrite suggestions, templates, explicit approval for review edits, and audited safe cleanup.

Defined

Workspace safeguards

Review-class AI edits are review-gated, hash-bound, and visible before they change report text. Safe cleanup is auto-applied only after audit controls pass. Stale edits cannot apply.

Live

Report storage

Workspace report text is not maintained as a server-side archive. Account export exists and excludes report text by design.

Live

Dictation lane

Live dictation uses temporary, server-issued credentials and the configured realtime dictation route. Depending on provider and deployment, audio can stream directly to the provider or through backend proxy endpoints.

Live

Clinical decision support

Revelar is not positioned as autonomous diagnosis, finding detection, triage, treatment advice, follow-up, or image interpretation.

Not claimed

Image interpretation

Revelar does not acquire, process, or analyse medical images. Image-based inference is outside the V1 product scope.

Not claimed

Clinical customer use

Identifiable patient data belongs behind customer terms, signed DPA, privacy review, and verified subprocessor evidence.

Contract required

Full EU data residency

Active processing is EU-first. Broader residency claims wait for vendor evidence on support, logs, backups, and subprocessor regions.

Evidence pending

Roadmap

Enterprise evidence program

A staged plan toward formal procurement readiness. We publish what is complete, what is in motion, and what is deliberately deferred.

  1. P01, Q4 2025

    Product boundary

    Lock the intended-use boundary in code, prompts, and tool profiles before evidence work begins.

    Complete, 100%
    • Intended-use memo drafted
    • Default-V1 RADS injection disabled
    • Tool profiles enforce edit lanes
    • Regression tests block clinical drift
  2. P02, Q1 2026

    Public foundation

    Public privacy, legal, and trust pages aligned to current architecture and non-claim policy.

    Complete, 100%
    • Privacy notice published
    • Legal notice published
    • Trust dossier published
    • Internal compliance overview drafted
  3. P03, Q2 2026

    Vendor evidence

    Collect signed DPAs, regional terms, and retention details from every active subprocessor.

    In progress, 45%
    • Supabase, Vercel, Stripe DPAs
    • AI route retention and no-training terms
    • Realtime dictation provider evidence
    • Subprocessor public list
  4. P04, Q3 2026

    Customer pack

    Counsel-reviewed customer DPA, DPIA support template, and pilot-readiness checklist.

    Planned, 10%
    • Customer DPA template
    • DPIA-light support pack
    • Records of processing (controller and processor)
    • Breach register and notification SOP
  5. P05, Q4 2026

    Security pack

    Procurement-grade security overview backed by encryption, access, SDLC, and incident evidence.

    Planned, 5%
    • Security overview document
    • Vulnerability disclosure policy
    • Access control and MFA policy
    • Backup and recovery statement
  6. P06, 2027

    Certification readiness

    Evaluate ISO 27001 readiness and re-test the MDR boundary against pilot product behaviour.

    Future, 0%
    • ISO 27001 gap analysis
    • External penetration test
    • MDR boundary re-review
    • AI Act classification memo

Controls

Live safeguards in production

These are product controls running in code today. They form the working base for privacy, security, and clinical procurement evidence.

C01

No server-side report archive

Workspace report text is not maintained as a server archive. Account export excludes report text by design.

C02

Human review and audit

Review-class AI edits stay pending until the radiologist approves them. Safe cleanup is audited when it auto-applies.

C03

Fresh-hash stale-edit protection

Edit tools require a fresh report hash. Stale edits are rejected before they reach the editor.

C04

Narrow edit lanes

Proofread, format, and rewrite lanes have separate tool profiles. The default assistant cannot call clinical reasoning tools.

C05

Browser-local workspace storage

Draft report text lives in the user's browser. The server keeps no persistent report archive.

C06

Row-level security on account data

Supabase RLS, auth checks, and organization membership checks protect account and organization data.

C07

Network-only PWA service worker

The service worker does not cache reports or API responses, so report content stays out of offline caches.

C08

Dictation via temporary credentials

Live dictation uses short-lived server-issued credentials or routes for the configured provider. Audio handling is provider- and deployment-dependent, including direct browser streams or backend proxying.

Evidence ledger

Compliance artifacts

Every artifact below maps to a live product control, a vendor contract, or a counsel decision. Status reflects the current state of the file in the repository.

Ref | Artifact | Status
DOC-01 | Intended-use and non-claim memo | Drafted
DOC-02 | Function classification matrix | Drafted
DOC-03 | Compliance overview (internal) | Drafted
DOC-04 | Architecture enforcement note | Drafted
DOC-05 | Customer DPA template | Counsel review
DOC-06 | Subprocessor public list | Drafting
DOC-07 | Vendor evidence folder | Collecting
DOC-08 | DPIA pilot template | Planned
DOC-09 | Records of processing (RoPA) | Planned
DOC-10 | Breach register and SOP | Drafted
DOC-11 | Security overview pack | Drafting
DOC-12 | Vulnerability disclosure policy | Planned

Subprocessors

Service providers

Vendors that may process data when their feature is in use. Full DPAs, regional evidence, and retention terms are tracked inside the vendor evidence program.

Vendor | Purpose | Region | Evidence
Supabase | Auth, database, account and organization data | EU (Frankfurt) | Pending
Vercel | Hosting and serverless runtime | EU-first | Pending
Vercel AI Gateway | AI request routing | Route-dependent | Pending
OpenAI / Anthropic | AI generation | Route-dependent | Pending
Realtime dictation provider | Realtime dictation | Provider-dependent, EU-first where documented | Pending
Stripe | Payments and billing | EU / Global | Pending
Resend | Auth and support email | EU / Global | Live

Out of scope

Claims we do not make

A clear boundary for users, customers, and procurement. Stronger claims arrive only after the underlying evidence does.

01

CE marking / MDR compliance

V1 is intentionally narrow reporting assistance. We do not claim medical device status until classification, QMS, and clinical evaluation work is in place.

02

EU AI Act compliance

AI literacy and transparency obligations are tracked, but a compliance claim waits for classification, risk management, and conformity work.

03

ISO 27001 / SOC 2

These are procurement evidence regimes, not legal requirements. Audited certification follows the security pack, not the other way around.

04

Full EU data residency

Active processing is EU-first. A full residency claim requires vendor evidence on support access, logs, backups, and subprocessor regions.

05

Product-wide Zero Data Retention

ZDR may hold for a specific AI route once contract evidence confirms it. It cannot be claimed across logs, auth, billing, support, or telemetry by default.

06

Clinical decision support

Diagnosis, triage, severity, staging, follow-up, and missed-finding reduction are out of scope for V1 and require a deliberate medical-device track.

Access

Legal and privacy access

Mandatory and expected company pages, one click away.