Upheal is an AI therapist progress notes platform founded in 2022 with a team in the USA and Czech Republic. The company works with leading US mental health networks such as Alma, Cartwheel, Checkpoint EHR and Author Health to prevent provider burnout and help clinicians focus on care rather than paperwork.
In a sector where sensitive health data and AI intersect, trust is not optional. It’s the foundation for adoption.
The Challenge
For therapists, clinical note-taking during or after sessions is essential, but time-consuming and disruptive to the therapeutic flow.
Upheal trained and built its own AI pipeline to automate real-time progress note generation, but faced a core challenge: processing sensitive health data with AI, in a market where trust among mental health providers in the US and Canada remains low.
To scale responsibly and win enterprise trust, Upheal needed to:
Earn and maintain provider confidence in how it handles sensitive health information.
Meet HIPAA requirements and achieve SOC 2 Type II accreditation.
Embed privacy directly into product workflows and feature roadmaps, not bolt it on later.
Upheal’s mission is simple: let providers spend less time on notes and more time on care. Achieving that required privacy and compliance to be built in from the start.
The Solution
From Early Advisory to Strategic Partner
Since 2022, our founder worked as Upheal’s primary data protection advisor through our partner law firm, Sparring, guiding their early product development through HIPAA requirements.
As Upheal grew, it became clear that privacy and compliance needed a more embedded, operational structure. We helped Upheal implement an interim DPO model that provided regulatory coverage and day-to-day privacy leadership during a critical growth phase.
When Assenteo launched in 2024, this model was formalized and centralized: Sparring remained a valued legal partner, while DPO services and operational data protection advisory were transitioned fully to Assenteo. This gave Upheal a single line of accountability, faster execution loops, and a privacy foundation designed to scale with the product.
Privacy as Product Strategy
Unlike traditional compliance approaches that react to regulations late in the product lifecycle, Upheal embedded privacy into its product architecture from the beginning. From session capture and AI scribing to storage of progress notes, every feature needed design and development with client data protection and transparency in mind.
“When we built Upheal, we knew that providers needed the insight into how their clients' personal health data is processed by us. Having worked with the team over the years, Assenteo was a clear choice for continued support of our data compliance. They feel like part of the team when working with us.”
Martin Horvath, CTO & Co-founder, Upheal
Since December 2024, Assenteo has acted as Upheal’s official DPO, serving as the primary point of contact for regulatory authorities and client privacy queries. For Upheal, this means:
Privacy and compliance support is delivered directly in Slack, enabling fast and collaborative responses for leadership, product, and engineering teams.
Building public-facing trust collateral, including a Privacy & Compliance Hub and guiding blog content on AI notetaker privacy.
Supporting the team on useful content and resources, including consent templates, that streamline compliance for users.
HIPAA compliance and SOC 2 Type II accreditation support, ensuring Upheal’s data processing meets enterprise expectations.
Why Upheal Chose Assenteo Over Alternatives
Upheal explored different compliance options before selecting Assenteo as its strategic partner:
Productised compliance solutions and templates and too rigid for the specific needs of a fast-moving AI product, in healthcare.
Heavy custom consultancy was overbearing for the company’s growth stage and product velocity.
Assenteo offered the right balance of hands-on advisory, embedded oversight, and startup experience. By working inside their workflows, we aligned compliance with how Upheal actually builds.
Results and Future Plans
We’ve helped position Upheal ahead of competitors by turning compliance from a checkbox into a growth driver:
Faster enterprise readiness. Upheal entered key US and Canadian markets with HIPAA, GDPR, and SOC 2 Type II preparation in place, reducing friction in enterprise adoption.
Streamlined trust operations. A single DPO and clear privacy narrative allow the company to confidently address regulator and client questions without diverting product or leadership bandwidth.
Ownership of the privacy narrative in its category. Upheal is now a visible leader on privacy in AI mental health scribing, publishing transparent frameworks and guidance that set a higher industry bar.
Accelerated product launches. Privacy embedded in the development lifecycle means new features can ship without long compliance bottlenecks.
