Behind the build · 4 min

Where we drew the line on our AI assistant

Most AI helpers are built on a shortcut that quietly decides what the AI is allowed to see. In a practice full of client records, that decision is too important to hand to a shortcut — so we kept it ours.

The AI assistant inside Teja can do a lot of useful things — pull up a client’s history, draft a note, find a billing detail, answer a question in plain language. The interesting part isn’t what it can do. It’s everything we made sure it can’t.

Because here’s the quiet truth about AI assistants in 2026: the fast way to build one comes with a shortcut. You pick up an off-the-shelf toolkit, plug in a model, and within a few days you have something that demos beautifully. We’ve used those toolkits ourselves on smaller projects, and for the right job they’re a great choice.

But that shortcut makes a decision on your behalf that we weren’t willing to let it make.

The decision that can’t be borrowed

Every time an AI assistant does something, a question has to be answered first: should it be allowed to?

  • Is this the right person asking?
  • Is this their client, or someone else’s?
  • Is this client’s information even allowed to leave for this kind of request?
  • And was the access written down, so there’s an honest record of it?

In a platform serving thousands of independent practices, getting one of those wrong isn’t a glitch — it’s someone’s private health record in the wrong place. These are exactly the questions a general-purpose toolkit can’t answer for you. It doesn’t know your clinic, your clients, or the rules a therapy practice has to live by. So if you lean on the shortcut, you end up taping your most important safeguards onto the outside of something that was never built to enforce them.

We didn’t want our safeguards taped on. We wanted them built in.

So we kept the controls in our own hands

The part of our assistant that decides whether to act at all — who’s allowed, whose data, where it can go, and writing down every access — is code we own and control. It runs before the assistant does anything, every single time, and it fails safe: if the assistant tries to reach for the wrong client’s record, it’s quietly corrected back. If an access can’t be properly recorded, the action simply doesn’t happen.

None of that is optional, and none of it can be skipped, because it isn’t borrowed from a library that might change underneath us. It’s ours.

What we did happily borrow

To be clear, this isn’t pride in reinventing things. We borrow plenty.

The genuinely clever part of an AI assistant is the judgment — the ability to second-guess a weak answer before showing it, to learn when a clinician marks a reply unhelpful, to sound like a thoughtful colleague instead of a chatbot. We’d built a lot of that on an earlier project, and we carried all of it across. We just didn’t carry across the shortcut that would have made the safety decisions for us.

Why it’s built this way

Owning that layer is more work. We could have shipped sooner with the shortcut. But the thing the shortcut quietly takes off your hands — deciding what the AI is allowed to see — is the one thing a therapy practice can’t afford to get wrong.

So that’s the line we drew. The clever, helpful part of the assistant: borrow the best of it. The part that protects a clinician and her clients: keep it ours, where it can’t be bypassed.


This is one of a short series on the choices behind Teja — the same idea runs through why we built our own telehealth: when the safe version of a feature can only be built by owning the layer underneath it, we own the layer.

← Back to the blog