Case Study

From Architecture Review to a Scalable, Secure SaaS Foundation.

8 min read - 15 March 2025

Theradocx is building a highly sensitive SaaS platform for psychotherapists, enabling secure audio recording of therapy sessions and AI-powered generation of reports.

The platform operates under strict regulatory requirements (GDPR, ISO 27001, AI Act) and ambitious growth targets of 1,000+ users.

Challenge

The team faced key questions:

  • How can the architecture be further improved for healthcare-grade requirements?
  • Can the platform scale cost-efficiently to thousands of therapists?
  • Can optimisation opportunities be identified in cloud infrastructure, cryptography, and operations?
  • How prepared is the organisation for incidents, outages, and audits?

Approach

Structured software architecture review based on a deep-dive workshop with the Theradocx engineering team.

  • Azure Cloud & infrastructure architecture
  • Multi-tenant security model
  • Cryptographic design and key management
  • Scalability of databases and AI workloads
  • CI/CD, observability, and operational excellence

Theradocx commissioned an independent review as part of their continuous security and compliance strategy, to validate their setup and receive concrete, actionable recommendations.

The Approach

Posedio validated that Theradocx already had a strong architectural foundation and was following numerous industry best practices. Building on this, the review delivered clear improvement paths across four critical dimensions:

1 Security & Compliance

In the area of security and compliance, the review validated the use of tenant-isolated encryption based on Azure Key Vault. It defined a clear roadmap for implementing a zero-trust architecture, improving network security, and deploying a Web Application Firewall (WAF). In addition, recommendations were provided for key rotation, session-based encryption keys, and enhanced identity management. The engagement also outlined concrete steps toward ISO 27001 readiness and the implementation of GDPR-aligned controls.

2 Scalability & Cost Efficiency

To enhance scalability and cost efficiency, Posedio recommended consolidating databases into a unified, scalable data model. At the same time, strategies were developed to reduce cloud costs while preserving strict tenant isolation. The review further provided guidance on optimising AI workloads and improving transparency around infrastructure and processing costs.

3 Reliability & Operations

To strengthen reliability and operations, the review introduced the systematic use of SLOs, SLIs, and structured SLA tracking. It recommended establishing an incident management process as well as disaster recovery and backup strategies. Posedio also recommended observability enhancements that utilise metrics, logs, and traces to ensure operational visibility without exposing sensitive information.

4 Engineering Enablement

In the area of engineering enablement, the review focused on hardening CI/CD pipelines through immutable artefacts and automated rollback mechanisms. It established best practices for Infrastructure as Code using Terraform pipelines and defined a clear strategy for automated onboarding and environment provisioning to support future organisational growth.

Results

Scalability

Architecture validated for growth to 1,000+ tenants.

Risk Mitigation

Reduced operational and cost risks.

Data Security

Clear security roadmap for sensitive healthcare data.

Audit-Readiness

Improved readiness for audits, incidents, and certifications.

Engineering Support

Engineering team empowered with concrete, prioritised actions.

Posedio confirmed that Theradocx is well-positioned to scale, with targeted improvements that significantly reduce risk while keeping development velocity high.

Why It Matters

For healthcare and AI-driven SaaS platforms, trust, security, and scalability are non-negotiable.

This engagement helped Theradocx turn a solid technical foundation into a future-proof platform, ready for growth, regulation, and safe operations.
