Agent TOBO — AI employees & medical imaging for Indian healthcare

Enterprise radiology operations, isolated and auditable.

Unify multi-site imaging, remote reporting and billing on one platform with organization-level data isolation, encryption and audited access your security and compliance teams can sign off on.

Frequently asked questions

Is tenant isolation a configuration setting or an enforced gate?

An enforced gate. Every tenant-scoped table carries row-level security in FORCE mode, which applies to the application's own database account too — so isolation does not depend on remembering a WHERE clause, and it cannot be switched off per environment without a migration.

Can we prove who accessed, edited, signed or exported a report?

Yes. Sensitive actions are written to an append-only, hash-chained audit log with full version history. The database physically rejects updates and deletes on it, so the trail is tamper-evident rather than merely tamper-discouraged.

Is every endpoint authenticated, or only the UI?

Every non-public endpoint validates a Keycloak-issued JWT server-side. The interface is not the control — an unauthenticated request to a data endpoint is refused whether it comes from the app, a script, or curl.

Who signs the report — can AI ever sign it?

Never. AI output is always a draft; only a registered radiologist can finalise, and a finalised report is terminal and locked. That boundary is enforced in the report state machine, not by a UI convention.

Where is patient data processed and stored?

In India, on AWS Mumbai (ap-south-1). The platform is built DPDP-ready by design, and the imaging store is never exposed publicly — image access goes through the authenticated gateway.