Deployment

A deployment that respects your clinical model.

How Peacefull lands inside the technical and clinical operations you already run. SSO, role gating, governance committee, data posture. Written for the people on your team who have to integrate it, not sell it.

How it lands

Three conversations, covered.

Your clinicians, your scope.

Role-gated access for clinician, supervisor, admin, and compliance. MFA mandatory. Patient assignment mirrors your practice management system. SSO via SAML or OIDC; user lifecycle via SCIM.

Your governance.

A clinical governance committee (CGC) reviews every model update before it reaches patients. You seat the committee. We publish the meeting minutes. Quarterly alignment sessions with our clinical lead.

Your data posture.

BAA at no additional cost. Zero advertising partners. Row-level security on every query. 42 CFR Part 2 handling for substance-use populations. Custom data residency on request.

Peacefullai

CGC CHAIR

Dr. Okonkwo

Clinical governance · review queue

Clinicians govern the model.

Every model release passes a 7-gate lifecycle. This queue shows what's waiting for your signature and what's moving.

3AWAITING YOU

2IN CANARY

7APPROVED THIS QUARTER

0ROLLED BACK

AWAITING YOUR SIGNATUREv2026.04.22 · "Quiet escalation v2"Author: Dr. M. Okonkwo · Submitted 2d ago

Lower the Sunday-night escalation threshold to 0.68.

Companion currently escalates at ISS 0.70 across all time-of-day windows. Post-deployment monitoring of 847 supervised cases shows false-negatives cluster between 9pm–1am Sunday. This change drops the Sunday-night window to 0.68. No change to other windows.

CANARY COHORTPASS

5.0%

14 days · 2,147 patients

FALSE POSITIVESPASS

2.1%

target < 5%

FALSE NEGATIVESPASS

0.4%

target < 0.5%

INTRUSIVENESSPASS

−0.02σ

patient-reported · unchanged

PROMPT COMPLIANCEPASS

99.6%

safety pre-filters honored

— APPROVERS · 4 OF 5 SIGNED

Dr. R. VargasCBT · 2d ago

Dr. A. KahaleDBT · 1d ago

Dr. L. HalversonACT · 4h ago

J. ParkTech Lead · 2h ago

Dr. M. OkonkwoCGC Chair · pending

You are the final signer.

Approve to promote to production on all non-canary sites. Rollback is automatic if post-deploy drift > 0.3σ.

Request changesApprove and promote →

— Also in queue

CANARY · DAY 9

v2026.04.28Memory-decay recalibration

Dr. Vargas · Dr. Kahale5 days left→

PRE-CANARY

v2026.05.02Journal prompt rotation

Dr. Halverson · Design teamEval in review→

Admin console

Identity & access, in your source of truth.

SSO mirrors your IdP. Role policy mirrors your practice hierarchy. SCIM keeps user lifecycle aligned with your HR system. Everything about identity is read from where you already run it — Peacefull does not become another shadow directory.

Peacefullai

CaseloadOutcomesAuditAdmin

Mercy Health · Admin

S. Park

Admin · Identity & access

Your clinicians, your scope.

SSO mirrors your IdP, role gates mirror your practice hierarchy, lifecycle events come in via SCIM. You keep the source of truth.

SSO · identity providerActive

ProviderOkta · SAML 2.0

ACS URLpeacefullai.com/sso/saml/acs/…

Entity IDurn:peacefull:health:mercy-health

Just-in-time provisioningOn

MFARequired · enforced at IdP

SCIM 2.0 · lifecycleSyncing

Endpointscim.peacefullai.com/v2/…

Last push12 min ago · 3 changes

Members247 active · 12 pending

Deprovision on leaveImmediate

Role policy · 4 roles · synced with IdPRead-only · edits via IdP

RoleCaseloadPrescribing scopeAudit exportMembers

Clinicianownflag-only—182

Supervisorteamflag-onlyread41

Adminorg rollup—read / export18

Compliance——read / export · full log6

Recent lifecycle eventsSCIM · last 24h

14:51addhr@mercyhealthNew user · R. Patel · Supervisor · site-3

11:04changeokta-scimRole change · K. Nguyen · Clinician → Supervisor

08:22removeokta-scimDeprovision · M. Ashford · all sessions revoked

07:03addhr@mercyhealthNew user · S. Cho · Clinician · site-1

Audit export

Every event, streamable.

A tamper-evident log of every PHI access, every model decision, every escalation, every admin change. Stream to your SIEM (Splunk, Datadog) or your compliance data lake (S3, BigQuery). Chain-verified via SHA-256 with hourly Merkle root rotation.

Peacefullai

CaseloadOutcomesAuditAdmin

Mercy Health · Compliance

D. Rhee

Audit · last 24h · 4,812 events

Every access, every decision, streamable.

A tamper-evident event log of every PHI access, every safety decision, every escalation. Stream to your SIEM, your compliance data lake, or your S3 bucket. Retention mirrors your policy.

All · 4,812Escalation · 6Share · 238Model · 2,214Access · 1,876Admin · 31Export · 9search actor, subject, signature…

Splunk · HEC streamlag 0.8s · last 12sLiveDatadog · Log intakelag 1.2s · last 23sLiveAWS S3 · bucket: mercy-audit-coldhourly · parquet · KMS-CMKScheduled+ Add destination

TimestampKindActorSubjectSignature

14:52:17.119Zescalationrule:cssrs-tier-uprouted · patient + 988 + 741741 + clinician:chen0xQ7kF…9z

14:52:08.904Zmodelsafety-pre-filterARSS=0.84 · ISS=0.71 · generation blocked0xB3eP…4c

14:41:02.201Zpatient:a9f2…opt-in · thread share → clinician:chen · scope: PHQ-9 deltas0x1c9A…7d

14:08:44.013Zaccessclinician:chenread · patient:jordan-k · brief (24h) · justification: session prep0xD2uL…e2

13:50:27.908Zadminscim:oktarole change · K. Nguyen · Clinician → Supervisor0x8fRq…a1

13:35:11.562Zexportsplunk:bearerstream · 47 events · 22–23h window0x5mBw…xf

13:21:05.440Zmodelfidelity-gateMITI=0.92 · DBT=0.88 · allow0x0Zd9…qq

Chain-verified · SHA-256 per event, Merkle root rotated hourly, immutable write. Retention: 7 years (PHI) · 90 days (telemetry). Export scopes are BAA-covered.Merkle root0xRtN9…pL44

Evidence posture

BETA-1. Honest about it.

We have no published patient-outcome evidence yet, and we decline to invent any. What we do have is a deployable safety architecture, a pre-registered research program, and a public model card that changes with the product — so your clinical leadership and procurement teams can evaluate us on what is real.

Six-layer safety evaluation.

Document adherence, instruction adherence, named failure modes, tone and modality fidelity, independent clinical review, and bias & equity — every layer gates every release. Details in the model card.

Deterministic escalation.

Crisis hand-off runs on rule-based signals, audit-logged line by line — not on model judgment. 988, 741741, and clinician contact are surfaced as one-tap actions, not paragraph mentions.

Research program, pre-registered.

OBS-90, hybrid effectiveness-implementation, and a micro-randomized trial of decision points — analysis plans deposited in advance, null results committed to publication. See the research program.

FDA PCCP structure.

We follow the structure of an FDA Predetermined Change Control Plan — not because we are under authorization today, but because we intend to pursue it. Every model, prompt, and knowledge-base change is versioned and gated.

The commercial side — unlocks, contracts, sign-off.

White-labeling, multi-site, audit-log export API, and the contract template you actually run — in the companion procurement page.

Read the procurement page Talk to sales