Cross-cutting capabilities
Capabilities that show up across all three Auxilison surfaces — they're not part of any single navigation but appear wherever they're needed. Identity, notifications, search, AI features, audit and compliance, integrations.
Overview
Some Auxilison capabilities don't belong to any single surface. They're behaviors of the whole system that manifest across the Creator Studio, the Practitioner Workspace, and the Client App in ways appropriate to each role. This documentation walks through them.
Six cross-cutting domains:
- Identity and access — how users sign in and what they're allowed to do
- Notifications — how the system reaches users with timely information
- Search — how users find what they need across resources
- AI capabilities — where machine assistance shows up and how it behaves
- Audit and compliance — how the system maintains a defensible record of every action
- Integrations — how Auxilison connects to the rest of a creator's stack
Identity and access
Identity is unified across the three surfaces. A user signs in once and is recognized on every surface their role entitles them to, with the context appropriate to that surface.
Single sign-on across all three surfaces
A creator who is also a practitioner (common for solo practitioner-creators) signs in once and accesses both surfaces with appropriate context. A practitioner who has been authorized by multiple creators sees a creator selector at sign-in. Identity tokens are scoped per-creator to maintain data isolation.
Multi-factor authentication
Required for creator and practitioner accounts, since these administrative accounts carry the higher security stakes. Optional for client accounts, where it adds friction and reduces engagement. Standards-compliant methods are supported: TOTP, WebAuthn for hardware keys, and SMS as a fallback. SMS is discouraged because one-time codes sent by text can be intercepted or diverted by SIM-swap attacks; prefer TOTP or WebAuthn wherever the account holder can use them.
Magic-link login for clients
Clients sign in via a magic link sent to their verified email or phone number. No password to remember, no MFA-style friction at sign-in. The link is single-use and short-lived (15 minutes by default). On mobile devices, biometric authentication (Face ID, fingerprint) handles subsequent re-auth without requiring another magic link.
This design choice is deliberate: the friction of password management is a meaningful barrier to client engagement in clinical contexts. The trade-off is that a client account is then only as secure as the email inbox or phone number the link is sent to, which is the level accepted for client data; the short lifetime and single use limit what a forwarded or intercepted link can do.
Role-based access throughout
Every action in the system is permission-checked against the user's role and scope. Standard roles within a creator organization:
- Owner — full access including billing, organization deletion, role assignment
- Admin — full operational access without billing or destructive organization actions
- Editor — program authoring and content management; no network or billing access
- Analyst — read access to outcome data and reports; no editing capability
- Billing — billing and subscription management only
Custom roles with granular permission control are available for organizations with unusual access needs. Every administrative action is audit-logged regardless of the role taking it.
For practitioners, access is scoped to their own clients and the programs they're authorized to deliver. A practitioner cannot see another practitioner's clients (even within the same creator's network) unless the creator has explicitly enabled cross-practitioner visibility for cohort or supervision purposes.
For clients, access is scoped to their own data and their assigned program(s). Clients cannot see other clients' information regardless of which path (app, API, or export) is used to reach it.
Notifications
Notifications reach the right person through the right channel at the right time. Configurable across three dimensions: what triggers a notification, which channel it uses, and when it's allowed to send.
Channels
- Email — for any user, for any notification type. Templated and brand-customized.
- SMS — where included in the tier (creators on Network and above can include SMS reminders for clients up to a fair-use volume; additional volume available as a paid add-on).
- Push notifications — for mobile users (practitioners with the companion app, clients with the Client App).
- In-app notifications — surface in the application's notification center; useful when a user is already in the app.
- Webhook — for technical integrations; the creator's external systems can subscribe to specific event types and receive structured event payloads.
Granular per-user preferences
Each user controls which event types they receive, through which channels, with what timing. The default settings are sensible for most users; the customization is there for users who want fine-grained control.
Quiet hours and time zones
Notifications respect each user's quiet hours and time zone, evaluated in that user's local time. A practitioner in Pacific time and a client in Eastern time each receive timing-sensitive notifications at the right local hour. Quiet hours apply to push and SMS by default; email is delivered at any time but, on supporting devices, is not surfaced as a sound or vibration during quiet hours.
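The scheduling rule above as an added example (not Auxilison's code): the channel rules come from the text, while the data shapes, function names and the choice to defer a blocked notification to the end of the quiet window are assumptions. It handles the common overnight window (for example 22:00 to 07:00), which crosses midnight and so cannot be tested with a simple start-to-end comparison.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

# Added illustration, not Auxilison's code. Channel rules come from the page
# (quiet hours apply to push and SMS; email is delivered at any time); the
# data shapes, names and defer-to-window-end behaviour are assumptions.

QUIET_CHANNELS = {"push", "sms"}


@dataclass(frozen=True)
class QuietHours:
    tz: str          # IANA zone, e.g. "America/New_York"
    start: time      # local wall-clock start, e.g. 22:00
    end: time        # local end, e.g. 07:00; earlier than start means an overnight window


def in_quiet_hours(q: QuietHours, local: datetime) -> bool:
    """True if the local wall-clock time falls inside the quiet window."""
    t = local.time()
    if q.start <= q.end:                       # same-day window, e.g. 13:00 to 14:00
        return q.start <= t < q.end
    return t >= q.start or t < q.end           # overnight window crossing midnight


def deliver_at(q: QuietHours, channel: str, now_utc: datetime) -> datetime:
    """UTC instant at which the notification may be delivered.

    Returns now_utc unchanged when delivery is allowed immediately; otherwise the
    next end of the user's quiet window, computed in the user's own zone.
    """
    if channel not in QUIET_CHANNELS:
        return now_utc                         # email and in-app are never held
    local = now_utc.astimezone(ZoneInfo(q.tz))
    if not in_quiet_hours(q, local):
        return now_utc
    end_local = local.replace(hour=q.end.hour, minute=q.end.minute, second=0, microsecond=0)
    if end_local <= local:
        end_local += timedelta(days=1)         # wall-clock arithmetic; zoneinfo resolves DST
    return end_local.astimezone(timezone.utc)


if __name__ == "__main__":
    client = QuietHours("America/New_York", time(22, 0), time(7, 0))
    practitioner = QuietHours("America/Los_Angeles", time(22, 0), time(7, 0))
    now = datetime(2024, 3, 15, 3, 30, tzinfo=timezone.utc)   # 23:30 EDT / 20:30 PDT
    print(deliver_at(client, "push", now))        # held until 07:00 EDT
    print(deliver_at(practitioner, "push", now))  # delivered now
```

The same instant is inside the client's quiet hours and outside the practitioner's, which is exactly the Pacific-versus-Eastern case in the text.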
Search
Universal search within each surface, with cross-resource matching where it makes sense.
Within each surface
The search bar (typically accessed via a keyboard shortcut on web — ⌘K on Mac, Ctrl+K on Windows) finds anything reachable from the user's current scope:
- Creator Studio — programs, sessions, library assets, practitioners, settings pages
- Practitioner Workspace — clients, sessions, messages, documents, programs, settings
- Client App — sessions, notes, messages, forms, documents
Cross-resource search
Search results aggregate across resource types. Searching "anxiety" in the Practitioner Workspace returns matching client notes, matching message threads, matching documents, and matching program content — grouped by type and ranked by relevance.
Privacy-preserving
Search respects access control. A user cannot find a resource via search that they don't have permission to access. Search query logs are retained at the user level for the user's own search history and are not visible to administrators except in audit-investigation contexts.
AI capabilities
AI is integrated into Auxilison where it provides clear value to a specific user role. We don't use AI ornamentally; we use it in places where it materially reduces administrative burden or improves accessibility. Four current applications:
AI session notes
For practitioners. Automatic transcription and structured note generation from video sessions.
How it works
With explicit client consent, a video session is recorded. The recording is transcribed by Whisper-class transcription, then structured into clinical-format notes by a language model. The output is a draft note — never a final note. The practitioner reviews, edits, and saves; only the practitioner's final version becomes part of the client record.
What it produces
- Structured session summary (what was discussed, what the client expressed)
- Key themes and patterns identified
- Action items and follow-ups (with the practitioner's verification)
- Suggested topics to revisit in the next session
- Links to specific timestamped moments in the session for review
What it does not do
AI session notes do not autonomously make clinical judgments. They draft administrative documentation. The practitioner remains the clinician of record. The recording is retained per the creator's data retention policy (typically deleted after note generation, though some creators retain for supervision purposes with appropriate consent).
AI session notes require explicit consent from the client at session start. The Client App displays a clear consent prompt; declining is easy and consequence-free. A practitioner who needs notes from a session where consent was declined writes them manually as they would in any other clinical setting.
AI summary of client activity
For practitioners. Periodic synthesis of a client's program engagement.
Before a scheduled session, the practitioner can request an AI-generated summary of the client's activity since the last session: what they completed, how their reflections trended, any flagged check-ins, assessment changes if applicable. The summary helps the practitioner come into the session prepared without having to manually scroll through the client's recent activity.
Like AI session notes, these summaries are drafts. The practitioner reads them with their own clinical judgment intact and uses them as a starting point, not a substitute for clinical attention.
AI-assisted content tagging
For creators. When an asset is uploaded to the Library, AI suggests tags based on the content (audio analyzed for content type and themes, video analyzed for visual content, PDF text analyzed for topical tagging). Suggested tags appear during the upload review; the creator confirms, edits, or rejects them.
Good tagging makes content searchable and reusable across programs. The AI assistance reduces the administrative work of maintaining a well-tagged library, particularly for creators with substantial content collections.
AI accessibility
Auto-captioning for video and alt-text suggestions for images embedded in PDFs. The output is never the final word — captions are generated from the video's audio with the creator's review opportunity, alt-text suggestions appear during PDF processing for the creator to confirm. The objective is to make accessibility easier to maintain, not to claim accessibility automation that hasn't been verified.
Audit and compliance
Auxilison is built to be a defensible operational platform for clinical work. The compliance posture isn't an add-on — it's part of how the system functions.
HIPAA-compliant infrastructure
Auxilison is HIPAA-compliant from the foundation up. (HIPAA has no formal certification scheme; compliance means the required administrative, physical and technical safeguards are implemented and a BAA is in place.) Specifically:
- Encryption at rest — all client data, session recordings, messages, and documents encrypted in storage
- Encryption in transit — TLS 1.3 for all network communication; certificate pinning on mobile
- Access controls — role-based access enforced at the database level
- Audit logging — comprehensive (see below)
- Workforce training — Auxilison personnel with access to customer data complete required HIPAA training
- Business Associate Agreement (BAA) — signed BAAs available for every customer; the standard BAA is downloadable from the creator's settings
Comprehensive audit logging
Every action that touches client data is logged with: user identity, timestamp, action taken, resource affected, source IP, source device, and result. Audit logs are append-only at the storage level; they cannot be modified or deleted by users including administrators.
Audit logs are retained for the duration required by HIPAA (six years from creation) or longer per creator-specified retention policy. Logs are exportable for compliance audits, security investigations, or any other lawful purpose.
Data export in compliance-appropriate formats
Customer data is portable. At any time, a creator can request a structured export of:
- All program content authored by the creator
- All client records (with appropriate de-identification options)
- All assessment results, longitudinal where applicable
- All session histories and outcomes
- All audit logs for the creator's organization
Standard export formats: CSV for tabular data, JSON for structured data, PDF for documents, original media files (MP3, MP4, PDF) for content. Research-grade exports include longitudinal structure and IRB-compliant de-identification options.
SOC 2 readiness path
Auxilison is on a path to SOC 2 Type 2 certification. The foundational controls are in place; formal certification follows once the operating period for testing has accumulated. Customers requiring SOC 2 attestation should ask the Auxilison team for the current certification status.
Integrations
Standard integrations available across surfaces, organized by functional category.
Calendar sync
Two-way sync with Google Calendar, Outlook, and iCloud. Available to practitioners and (more limitedly) to clients. Appointments booked in either system appear in both. Time blocked in the external calendar is treated as unavailable for client booking through Auxilison.
Email delivery
Transactional email delivery via SendGrid (or equivalent). System emails (appointment confirmations, magic-link sign-in, notifications) come from a brand-customized sender. Creator organizations can configure their own sending domain for fully branded delivery.
Payment processing
Stripe and Stripe Connect integration. Two distinct payment patterns supported:
- Creator-billed — the creator's organization handles all client billing; practitioners are paid by the creator on whatever schedule the creator's business model uses
- Practitioner-billed — individual practitioners receive client payments directly via Stripe Connect; the creator does not touch the money
Both patterns work in the same Auxilison installation; configuration is per-practitioner.
Video conferencing
Self-hosted Jitsi is the primary video infrastructure: the call itself has no third-party dependency, it fits the HIPAA posture described above, and it supports recording for AI session notes (with consent). Zoom integration is available as an alternative for practitioners who prefer it or have established Zoom-based workflows.
Wearable data import
Read-only import from Apple Health, Fitbit, Oura, and Garmin. The integration is intentionally light — Auxilison ingests basic biometric data (heart rate variability, sleep, activity) where the program uses it for feedback. We do not present the depth of biometric analysis available in dedicated wearable platforms; we import enough to inform program work.
Webhook system and API
For technical integration with external systems.
Webhooks
Subscribe to specific event types and receive structured event payloads at a creator-specified endpoint. Common subscriptions:
- Practitioner certification events (new authorization, lapse, removal)
- Client lifecycle events (enrollment, completion, drop-off)
- Outcome events (assessment completion, milestone reached)
- Operational events (subscription change, fair-use threshold approached)
API
Programmatic access on Network tier and above. Read access to network state, outcome data, program structure. Write access for program management and practitioner management. Full read/write API on Enterprise tier.
The API is REST-based with OAuth 2.0 authentication. SDKs available for JavaScript/TypeScript and Python; community SDKs in development for other languages. Rate limits scale with subscription tier.