The Corti AI Platform is designed for seamless integration into clinical environments, allowing partners to embed powerful AI capabilities into their platforms while ensuring compliance as it is deployed into each customer-specific systems. Corti’s architecture meets critical enterprise and healthcare requirements — such as data segregation, secure authentication and access control — and offers a infrastructure that supports scaling a compliant solution.
Terminology
It's important that we align on definitions of terms utilized to make sure a clear picture is painted for how we accomplish the data segregation and security that you need in your solutions:
Tenant: A tenant represents a distinct customer or organizational unit that has isolated data and configurations. Data segregation ensures that each tenant’s data remains private and inaccessible to others, while access control enforces that users can only interact with resources belonging to their own tenant.
Realm: A realm is a core concept in Keycloak. It represents an isolated space in which, users, roles, clients, and groups are defined and authentication and authorization policies are managed. Each enterprise partner of Corti is granted their own realm.
Console: The Corti Console is a partner facing application that allows for secure provisioning of integration tools to allow for quick administration of Corti's AI for business needs.
API Client: An API client represents a distinct integration or application instance registered per tenant, used to authenticate and access Corti's APIs. Each API client is logically isolated, with credentials and scopes tied to a specific tenant, ensuring that any data accessed or actions performed are restricted to that tenant’s context.
Corti Console and Provisioning Tenants
A Partner’s journey with the Corti Platform begins with access to the Corti Console:
This user interface allows partners to manage their API integrations. Within the Console, partners can:
Create and manage API credentials
Configure team access, including roles, permissions
Have tenant-specific audit trails
Access to Console relies on secure authentication (supporting SSO using federation protocols such as OpenID Connect (OIDC), SAML 2.0, OAuth 2.0, Kerbero).
Each Partner organization has its own segregated Realm within the Console, ensuring separation of data and access.
Partners can generate API Client Keys directly through the Console. A common and recommended approach is to create a API Client / API Client Key (equals to a unique service account) per hospital, clinic in order to ensure both security and data segregation. All data processed through a given API key is automatically and logically isolated — ensuring API client-level data segregation. This represents an additional layer of data isolation on top of region and realm isolation. This setup empowers partners to implement granular, client-specific data segregation and data management policies within their own applications.
Moreover, it reflects Corti Platform’s ability to extend and propagate data segregation from each end-users of each Partner’s clients all the way down to the backend data schema. Data schema and underlying data management policies are consistently enforced across all layers of the Corti Platform, including its business logic, infrastructure, data processing, and storage.
It should be noted that, while Corti guarantees this separation on its end, complete data isolation also requires that Partners applies corresponding segregation on their side of the system implementation.
Authorization to the API is governed by OAuth 2.0 (see more on the API documentation), a secure and widely used authorization framework.
Architectural Overview
The Corti Platform is hosted in Microsoft Azure, widely acknowledged as one of the most secure and compliant cloud service platforms. Corti leverages two regions for data processing and storage, EU (Netherlands/Ireland) and the US (US East and US West). Corti's architecture uses region-based tenant isolation to ensure that each tenant's resources and data are kept separate and secure.
At the core of the Corti Platform is a microservices-based, multi-tenant architecture, orchestrated through API gateways, message queues, and authenticated routing. The platform’s layered design ensures that customer systems can send audio, retrieve transcripts, receive structured clinical outputs (e.g., medical codes, summaries), and store or retrieve results—all while maintaining data separation between customers.
Our architectural security approach incorporates the following key controls:
All customer data is encrypted at rest (using AES-256 encryption algorithm) and in transit (TLS 1.2 or higher).
All API requests are subject to strict access control.
Access is granted based on specific capabilities, roles, or users.
Domain-driven design ensures that access is scoped strictly to relevant use cases.
Access control mechanisms are consistently applied across the entire system.
Model access controls enforce record ownership, preventing users from arbitrarily creating, reading, updating, or deleting records.
The principle of least privilege is enforced, with a default-deny posture.
HTTP headers are restricted, allowing only explicitly required headers.
Observability and logging are implemented.
Rate limiting mechanisms protect against abuse and ensure system stability.
Stateless JWTs are used for authentication, with short lifespans to enhance security.
OAuth 2.0 is supported as the standard for secure authorization.
Each microservice can be deployed, scaled, and maintained independently.
Kafka and Redis provide fault tolerance and high performance across varying data volumes and workloads.
Infrastructure as code scalable way to automate infrastructure management, making it easier to enforce consistency, reduce manual errors.
Secure storage and management of sensitive information such as secrets, encryption keys and certificates.
A scalable database service offering is built-in high availability and automated backups across all tenants