Security

Last updated: June 2, 2026

TavanMind is designed for clinical environments where privacy, controlled access, data integrity, and responsible handling of sensitive information matter.

This page describes the security principles behind TavanMind's website, dashboard, cloud-linked workflows, and local-first clinical architecture.

For privacy-related requests, please contact us at:

admin@tavanmind.com

1. Security Principles

TavanMind is built around the following principles:

  • local-first clinical workflows where applicable;
  • minimized cloud exposure of direct patient identifiers;
  • protected patient-identifying fields;
  • organization-based access control;
  • therapist and administrator role separation;
  • authenticated dashboard access;
  • license and seat enforcement;
  • reliability checks before interpretation;
  • separation between objective test metrics and clinical documentation;
  • privacy-conscious design for clinical environments.

2. Local-First Clinical Architecture

TavanMind is designed so that patient records and assessment workflows can remain centered around the clinic's local environment.

In local-first configurations, the desktop environment acts as the primary clinical workspace for:

  • patient records;
  • cognitive test execution;
  • session history;
  • assessment results;
  • clinical documentation;
  • longitudinal review.

Where cloud-linked features are enabled, selected data may be synchronized to support dashboard access, reporting, license management, and future norm-building workflows.

3. Protected Patient Identifiers

TavanMind aims to protect direct patient identifiers before cloud synchronization where applicable.

Direct identifiers may include fields such as:

  • name;
  • national ID;
  • phone number;
  • address;
  • family-related identifiers;
  • direct clinical identity fields.

These fields should be protected using client-side encryption or equivalent safeguards before cloud storage, depending on the deployed configuration.

4. Assessment Metrics and Reporting Data

TavanMind may process assessment metrics separately from direct patient identifiers.

Assessment metrics may include:

  • reaction time;
  • accuracy;
  • omission errors;
  • commission errors;
  • reliability level;
  • behavioral pattern;
  • score values;
  • task metadata;
  • longitudinal trend data.

These metrics support reporting, clinical review, and future empirical norm-building workflows. They should not include unnecessary direct patient-identifying information.

5. Organization and Role-Based Access

TavanMind supports organization-based access models.

Access may be separated by:

  • organization;
  • therapist account;
  • organization administrator;
  • vendor administrator;
  • license seat;
  • activation status;
  • revocation status.

Users should only access data they are authorized to view.

Administrative areas such as vendor and organization management are intended only for authorized users.

6. Authentication and License Controls

TavanMind may use authentication, activation, heartbeat, and seat verification mechanisms to manage access.

These controls help ensure that:

  • only authorized users access the dashboard;
  • only activated users use cloud-linked features;
  • license seats are enforced;
  • revoked users lose access;
  • unauthorized devices cannot freely consume licenses;
  • organization-level access remains separated.

7. Data Integrity and Reliability Guard

Clinical interpretation depends on data quality.

TavanMind includes reliability and data integrity checks that may identify:

  • low valid-trial ratio;
  • hardware timing deviation;
  • incomplete sessions;
  • random or rushed responses;
  • low engagement patterns;
  • unstable response behavior.

When reliability is low, TavanMind may display warnings so that professionals do not overinterpret weak or unstable data.

8. Cloud Security

Where cloud-linked features are enabled, TavanMind may use cloud infrastructure for:

  • authentication;
  • account management;
  • organization administration;
  • license and seat management;
  • report access;
  • selected synchronized records;
  • dashboard functionality.

Cloud workflows should apply encrypted transport, server-side authorization checks, row-level access control, organization scoping, secure handling of privileged keys, protected environment variables, and rate limiting and abuse prevention. Authenticated dashboards and APIs should not be publicly cached.

9. Browser and Website Security

TavanMind applies or aims to apply modern website security measures, including:

  • HTTPS;
  • secure headers;
  • content security policies;
  • frame protection;
  • strict content-type handling;
  • referrer controls;
  • restricted permissions;
  • origin checks for sensitive requests;
  • rate limiting for sensitive endpoints;
  • no public caching of authenticated pages.

These measures help reduce the risk of common web threats such as cross-site scripting, clickjacking, unauthorized cross-origin requests, and accidental exposure of protected pages.

10. Data Minimization

TavanMind encourages clinics and users to enter only the information necessary for assessment, reporting, and follow-up.

Users should avoid entering unnecessary sensitive information into free-text fields.

Where possible, structured fields should be used instead of excessive narrative text.

11. Security Responsibilities of Clinics and Users

Security is a shared responsibility.

Clinics and users should:

  • protect account credentials;
  • use strong passwords;
  • restrict staff access;
  • remove access for inactive users;
  • secure clinic devices;
  • keep operating systems and browsers updated;
  • protect local databases and backups;
  • avoid sharing patient data through unsecured channels;
  • review user roles periodically;
  • report suspected unauthorized access.

12. Incident Reporting

If you believe there has been unauthorized access, data exposure, security misconfiguration, or vulnerability affecting TavanMind, contact:

admin@tavanmind.com

Please include:

  • a description of the issue;
  • affected page, route, or feature;
  • approximate time observed;
  • steps to reproduce, if safe;
  • screenshots or logs with sensitive data removed.

Do not include patient-identifying information unless necessary and authorized.

13. Limitations

No technical system is completely immune to risk.

TavanMind continuously improves its security posture, but security also depends on proper configuration, clinic-side device protection, user behavior, infrastructure settings, and the contractual deployment model.

14. Contact

For security questions or vulnerability reports, contact:

  • admin@tavanmind.com