Information sheet for clinicians
Overview of security, compliance and responsibility split — for internal use at the clinic.
Coming soonBuilt for clinics
that don't compromise
Data stays in the EU
AI processing runs at a European provider.
No patient data stored
Neither personal IDs nor names end up in the notes.
Audio deleted
The recording disappears the moment the note is written.
GDPR from day one
Built around European data protection — from day one.
We build the system ourselves.
Security is built in from the start.
90
Days maximum retention
Recordings are deleted automatically. No hidden backups, no "just-in-case" copies.
Key proof
No patient archive
The AI doesn't know the patient's history. It only listens to the conversation happening right now.
Automatic deletion
Recordings are deleted after 90 days — including from backups. No hidden archives.
No AI training
Patient conversations are never used to train AI. That's a hard rule.
ISAE
3000 Type 1 · Audited by BDO
International auditing standard. Externally assessed by BDO — not something we wrote ourselves.
External validation
Audited by BDO
ISAE 3000 Type 1. Externally assessed — not something we wrote ourselves.
Agreement ready from day one
The data processing agreement is ready from day one. No legal waiting before launch.
Open vendor list
The entire chain behind the system is public. No US companies involved.
0%
US authority access
Currently with a European provider. Soon on Gefion, Denmark's own supercomputer. Your data never leaves the EU.
Coming soon
Heading to Gefion
Today in Germany with a European provider. Soon on Gefion — Denmark's own supercomputer.
Data stays in the EU
Our hosting is European. No US companies in the chain, no US jurisdiction.
We can switch AI
Switch AI model without switching product. Not locked to a single US provider.
Resources
Materials for your clinic and your patients
One-pager for patients
Short explanation of how their conversation is processed — ready to display in the waiting room.
Coming soonData processing agreement (template)
Available on request. Contact our support team for the latest version.
Coming soonGot questions?
Yes. We're audited by BDO under ISAE 3000 Type 1. All data is stored in the EU, and we sign a data processing agreement with every clinic before launch.
Three things: 1) Sign the data processing agreement we send before launch, 2) Add People's Doctor to your privacy policy, 3) Fill out a risk assessment — we provide a ready template.
Refer to your data processing agreement, risk assessment and our annual ISAE 3000 audit from BDO.
Currently on secure servers in Germany with a European hosting provider. We're moving soon to Gefion — Denmark's own supercomputer.
Only you. Our team doesn't touch your patient data day-to-day. If we ever need access in an emergency, it requires documented approval — and every single access is logged.
No. We never sell data. All our vendors — hosting, login, research partner — sit in the EU and are under a data processing agreement. No big tech, no US authorities behind the curtain.
No. Patient data is never used for model training. Your data stays yours.
ISAE 3000 Type 1 is an international auditing standard for security and compliance — externally audited. BDO has assessed and approved our control design.
We're working on the move to Gefion. We'll announce the timeline once the agreement is signed. Until then, everything runs at our European hosting provider in Germany.
We don't use US AI like ChatGPT or Claude in production — that would give US authorities access to your data. We use open models that run in the EU. If someone later acquires us, they can't change that: your contract guarantees data stays in the EU regardless of ownership.
We have a set plan if a breach occurs. Our Data Protection Officer (DPO) notifies within 48 hours — well below GDPR's 72-hour requirement. The procedure is reviewed and updated every year.
You can export all your data anytime — directly from the portal. That's your right under GDPR. When you cancel, all your data is deleted within the agreed timeframe. We never keep data "just in case" — deletion is final and documented.
Security isn't a feature – it's the foundation.
“Every line of code is built with patient data in mind. Our processes are audited by BDO.”