Inside Atlas Mind’s Tech Stack: Building a Privacy-First AI Therapist
Transparency drives trust—especially when your product handles intimate mental-health conversations. Below is a peek inside Atlas Mind’s architecture and privacy safeguards.
1. Front-End: Next.js 15 + Vercel Edge Functions
Using React server components and edge middleware lets us stream AI responses with sub-200 ms latency.
2. Back-End: Supabase + Row-Level Security
We store encrypted user data in Supabase Postgres with row-level security (RLS) so every query checks session auth.
3. Chat Engine: Streaming OpenAI GPT-4o with Function Calls
We leverage function-calling for structured tasks—mood logging, CBT worksheets—so the bot returns JSON we can render cleanly.
4. Vector Store: pgvector + Drizzle ORM
Key biographical nuggets are embedded via OpenAI text-embedding-3-small and queried with pgvector.
5. Privacy Layer: Client-Side Encryption Option
Users can choose “local-only” mode where journal text is AES-256 encrypted on device; the server stores only ciphertext.
6. Observability: OpenTelemetry + Grafana
We trace each LLM interaction for latency, cost, and toxicity-filter hits—then visualize in Grafana dashboards.
7. Continuous Compliance
- SOC 2 Type II audit in progress.
- EU AI Act technical file auto-generated from CI runs.