Every AI decision at CardioGuardAI is governed by five immutable constitutional principles. This document is the single source of truth for all safety guardrails.
CardioGuardAI handles the most sensitive data in existence — patient health information. Unlike traditional software where bugs cause inconvenience, errors in health AI can cause real harm. That's why we built a Constitutional AI Framework — a set of hardcoded, immutable principles that govern every single AI inference call our system makes.
These principles cannot be overridden by any user prompt, developer action, or system configuration. They are enforced at the code level through automated validation functions that run on every API response before it reaches the patient.
"This is wellness information only. This is NOT a medical diagnosis, treatment, or prescription. Always consult a qualified physician for medical advice."
"यह केवल wellness जानकारी है। यह medical diagnosis नहीं है। कृपया किसी योग्य डॉक्टर से मिलें।"
These five principles are hardcoded into the system. They apply to ALL AI inference calls and cannot be modified without founder sign-off and legal review.
CardioGuardAI is a wellness monitoring platform. It is NOT a medical device, diagnostic tool, treatment provider, or clinical decision support system.
validate_response() scans every AI output against a comprehensive forbidden phrase list. Any match triggers ConstitutionViolation and blocks the response.
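The output gate described above, written out as an added example that is not CardioGuardAI's own code. The pattern list, normalise() and is_blocked() are assumptions made here; the disclaimer wording is the one quoted on this page. Text is normalised before matching so that full-width or zero-width characters cannot hide a forbidden phrase.

```python
import re
import unicodedata

# Disclaimer wording quoted on this page.
DISCLAIMER = ("This is wellness information only. This is NOT a medical "
              "diagnosis, treatment, or prescription. Always consult a "
              "qualified physician for medical advice.")

# Constructed patterns (assumption): the page does not publish its phrase list.
FORBIDDEN = [re.compile(p) for p in (
    r"\byou have\b",                          # the "you have [disease]" form
    r"\bi (can )?diagnose\b",
    r"\bstop taking\b",
    r"\bno need to (see|consult) a doctor\b",
)]

class ConstitutionViolation(Exception):
    """The output must be blocked instead of being sent to the patient."""

def normalise(text: str) -> str:
    """Canonical form used for matching only; the original text is what is sent."""
    text = unicodedata.normalize("NFKC", text)  # folds full-width and ligature forms
    # Drop format characters (category Cf), which include zero-width space and joiners.
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    return re.sub(r"\s+", " ", text).casefold()

def validate_response(text: str) -> str:
    """Return text unchanged if it passes, otherwise raise ConstitutionViolation."""
    norm = normalise(text)
    for pattern in FORBIDDEN:
        if pattern.search(norm):
            raise ConstitutionViolation(f"forbidden phrase: {pattern.pattern}")
    if normalise(DISCLAIMER) not in norm:
        raise ConstitutionViolation("mandatory disclaimer missing")
    return text

def is_blocked(text: str) -> bool:
    """Convenience wrapper: True when validate_response() would block the text."""
    try:
        validate_response(text)
    except ConstitutionViolation:
        return True
    return False
```

A phrase list matches wording, not meaning, so a gate like this is one layer of enforcement and fails closed: anything that does not carry the disclaimer is blocked even if no forbidden phrase matched.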
When risk is detected, the system escalates immediately. The AI will never downplay risk or delay emergency action. Patient safety overrides all other concerns.
triage_gate() in validate_response() enforces all thresholds. Critical vitals trigger immediate override — no other output is processed until escalation completes.
CardioGuardAI serves 700 million Indians across literacy levels, ages, and economic backgrounds. Every AI output must meet strict accessibility standards.
language_check() validates every output for jargon complexity and reading level. Bharat Mode triggers additional vocabulary simplification rules.
Patient health data is the most sensitive personal data in existence. CardioGuardAI operates under DPDP 2023, IT Act 2000, and ABDM data guidelines.
data_audit() runs on every /v1/* API response before transmission. Ensures no PII leakage, encryption compliance, and consent verification.
Every AI decision that affects a patient's health must be explainable in plain language. No black boxes. No unexplained scores. Full disclosure always.
_check_risk_output_structure() validates SHAP presence, completeness, and bilingual label generation for every risk score output.
The automated triage pipeline runs on every high-risk event (score ≥ 60). End-to-end escalation completes in under 500 milliseconds.
Patient health data is sacred. Our data sovereignty framework ensures complete protection at every layer — from collection to storage to inference to deletion.
Patient vitals, ECG data, risk scores, and ABHA IDs are NEVER sold or shared. Exceptions only for: emergency dispatch (108), authorized cardiologist, and legally mandated ABDM/NHM reporting.
All data at rest and in transit uses AES-256 military-grade encryption. No plaintext health data ever touches a log file, cache, or temporary store.
The Antigravity model runs inference on anonymised feature vectors only. Raw patient PII never enters the XGBoost/ONNX/PyTorch inference pipeline. SHAP references feature categories, not patient-identifiable values.
Patients can request full data deletion at any time via the app or API. Deletion is irreversible and confirmed within 72 hours per DPDP 2023 Article 13.
Anonymised, aggregated, non-identifiable population-level insights may be shared with pharma partners ONLY under explicit consent and DPDP-compliant data processing agreements.
Patient data is NEVER used to retrain the Antigravity model without explicit opt-in consent. Training data is always anonymised and aggregated.
No black boxes. Every AI decision is fully explainable. Here's exactly what our system discloses with every risk score output.
{
  "factor_label": "Heart's electrical pattern",
  "shap_value": 0.42,
  "direction": "risk_driver",
  "plain_english": "Your ECG shows an elevated pattern that doctors look for when assessing cardiac events.",
  "plain_hindi": "आपके ECG में एक pattern है जिसे डॉक्टर heart की समस्याओं में देखते हैं।"
}
Limitations Block (mandatory): "This explanation is based on N data points. It does not account for: genetic history, medication effects, recent physical activity, imaging results, or clinical examination. This is a wellness indicator, not a diagnosis."
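One way to implement the structure check on a risk score output, as an added example that is not CardioGuardAI's own code. The envelope keys factors, limitations and risk_score, the direction value protective, and the function name without its leading underscore are assumptions; the factor fields are the ones shown above.

```python
import math
import re

# Field names come from the factor object shown on this page.
REQUIRED = ("factor_label", "shap_value", "direction", "plain_english", "plain_hindi")
DIRECTIONS = {"risk_driver", "protective"}  # "protective" is an assumed value
DEVANAGARI = re.compile(r"[\u0900-\u097F]")

def check_risk_output_structure(payload: dict) -> list:
    """Return the list of problems found; empty means the output may be sent."""
    problems = []
    factors = payload.get("factors")  # assumed envelope key
    if not isinstance(factors, list) or not factors:
        return ["risk score has no SHAP factors attached"]
    for i, f in enumerate(factors):
        if not isinstance(f, dict):
            problems.append(f"factor {i}: not an object")
            continue
        problems += [f"factor {i}: missing {k}" for k in REQUIRED
                     if f.get(k) in ("", None)]
        v = f.get("shap_value")
        # bool is an int subclass, and json.loads accepts NaN/Infinity literals
        if v is not None and (isinstance(v, bool) or not isinstance(v, (int, float))
                              or not math.isfinite(v)):
            problems.append(f"factor {i}: shap_value is not a finite number")
        d = f.get("direction")
        if d not in (None, "") and (not isinstance(d, str) or d not in DIRECTIONS):
            problems.append(f"factor {i}: unknown direction")
        hindi = f.get("plain_hindi")
        if isinstance(hindi, str) and hindi and not DEVANAGARI.search(hindi):
            problems.append(f"factor {i}: plain_hindi contains no Devanagari text")
    limitations = payload.get("limitations")  # assumed envelope key
    if not isinstance(limitations, str) or "not a diagnosis" not in limitations.casefold():
        problems.append("limitations block missing")
    return problems

# Constructed sample: the page's factor inside an assumed envelope.
SAMPLE = {
    "risk_score": 72,
    "factors": [{
        "factor_label": "Heart's electrical pattern",
        "shap_value": 0.42,
        "direction": "risk_driver",
        "plain_english": "Your ECG shows an elevated pattern that doctors look for when assessing cardiac events.",
        "plain_hindi": "आपके ECG में एक pattern है जिसे डॉक्टर heart की समस्याओं में देखते हैं।",
    }],
    "limitations": "This is a wellness indicator, not a diagnosis.",
}
```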
CardioGuardAI operates under multiple regulatory frameworks to ensure the highest standards of data protection, healthcare interoperability, and patient safety.
CardioGuardAI is officially recognized by the Department for Promotion of Industry and Internal Trade (DPIIT) under the Startup India initiative. This recognition validates our innovation in AI-powered cardiac wellness and grants us access to government support programs, tax benefits, and regulatory fast-tracking for healthcare technology.
India's comprehensive data protection law. We comply with all provisions including consent management, data minimisation, purpose limitation, right to erasure (Article 13), and breach notification requirements. Our Data Protection Officer oversees compliance.
We comply with Section 43A (reasonable security practices for sensitive personal data), Section 72A (punishment for disclosure of information in breach of lawful contract), and all applicable rules under the IT (Reasonable Security Practices) Rules, 2011.
Full integration with ABHA (Ayushman Bharat Health Account) for patient identification. We follow ABDM data sharing protocols, consent management framework, and health information exchange standards.
Our processes align with NABH standards for patient safety, quality of care, and information management. We follow NABH guidelines for digital health platforms and telemedicine services.
All our APIs follow HL7 FHIR R4 standards for healthcare data exchange. This ensures seamless interoperability with hospital EHR systems (Epic, Cerner, Meditech) and other health platforms.
CardioSaathi is a warm, knowledgeable AI wellness companion — not a doctor. Here's exactly what it can and cannot do, governed by the constitution.
"राजेश जी, आपकी हृदय गति 118 bpm है — यह थोड़ी तेज़ है। AI model ने कुछ patterns notice किए हैं जो important हैं। मैं आपसे recommend करूँगा कि आज Dr. Mehta से मिलें। क्या मैं उनका appointment book करूँ? 📅"
यह केवल wellness जानकारी है। यह medical diagnosis नहीं है। कृपया किसी योग्य डॉक्टर से मिलें।
If any user or system message attempts to remove disclaimers, claim diagnostic authority, override constitutional principles, or instruct the AI to say "you have [disease]", the system responds:
"I cannot override CardioGuardAI's Constitutional Safety Framework. Please consult a qualified physician."