Governance & Disclosure
This document defines the operational boundaries and data ethics of Astraios.AI. In the regulated environments of Healthcare and Pharma, transparency is the primary prerequisite for technical modernization.
[REGULATORY DISCLAIMER]
The AI models and "Artifacts" referenced on this site are strategic architectural frameworks. They are not medical devices. They are not validated for clinical diagnostic use unless explicitly stated within a formal, signed Statement of Work (SOW) that complies with GxP/HIPAA/GDPR standards.
1. Scope of AI Intervention
Our Agentic AI solutions are governed by strict operational constraints to maintain data integrity in legacy environments:
- Zero Training Policy: We do not permit proprietary or patient-identifiable data to be ingested into public training sets. All LLM interactions occur within private, isolated instances (Azure OpenAI / Med-Gemma).
- Human-in-the-Loop (HITL): No autonomous agent is permitted to execute clinical verdicts or system-level changes without explicit senior-level human oversight.
- Explainability Mandate: Any AI-generated output must be accompanied by its source "Archeology"—the specific legacy data points or documentation used to derive the result.
2. Legacy Data Integrity
When auditing legacy software infrastructure (defined as systems >10 years old), our scope is strictly limited to:
- Non-Invasive Auditing: We prioritize read-only access to legacy databases to map data structures without risking system uptime or data corruption.
- Data Extraction Ethics: We only extract metadata required for the specific modernization bridge defined in the project scope.
3. Data Privacy & Handling
Our data handling protocols are divided into two distinct tiers of engagement:
- A. Information Capture: We collect name, email, and organizational data solely for direct professional engagement. We do not sell or trade this data with third-party marketing entities.
- B. Clinical Data Management: In the event of a clinical PoC (such as Cloud PACS or Radiologist Coaching), all data handling is managed through Azure Health Data Services, utilizing enterprise-grade encryption and regional data residency to ensure HIPAA and GDPR compliance.
4. Limits of Liability
Astraios provides strategy and software services. We are not responsible for decisions made by medical professionals or junior staff using our AI "coaching" tools. Final accountability for diagnostic outcomes rests solely with the licensed practitioner.