Secure login systems
Session protection
Strong password policies
Role-based access
Activity logging
Audit trails
UK-based data centres
High availability architecture
Redundant systems
Advanced threat protection
Encrypted communications
Continuous monitoring
Data encrypted at rest
Data encrypted in transit
Secure backups
UK-only data storage
GDPR compliant
Regular backups
Right to access data
Right to erasure (forget)
Data portability
Consent management
Privacy by design
Data minimisation
Clinical data separation
Audit logging
Access controls
Data retention policies
Confidentiality agreements
Professional standards
Client consent tracking
Secure communications
UK Data Protection Act
ICO registration
Professional bodies alignment
UK sovereignty
Current UK regulations
Local data residency
UK legal framework
Security patches and vulnerability scanning
Security reviews and threat assessment
Penetration testing and audits
Full compliance certification renewal
All data is stored exclusively in UK-based secure data centres. We never transfer or process data outside the UK/EEA, ensuring full compliance with UK data protection laws and maintaining complete data sovereignty for your practice.
Session recordings and transcriptions are protected using military-grade encryption both when stored and during transmission. Additionally, sensitive clinical data benefits from end-to-end encryption, ensuring only authorised users with proper credentials can access the information.
Only you and users you explicitly authorise have access to your data. Our staff cannot access your clinical data except in specific support scenarios with your written permission. All access is logged, audited, and protected by strong authentication measures.
We maintain a comprehensive incident response plan that meets regulatory requirements. Should any incident occur, we notify affected users promptly as required by GDPR, provide detailed information about the impact, and offer full support throughout the resolution process.
We follow UK clinical record retention requirements and GDPR guidelines. Data is retained for the legally required period for healthcare records. You maintain full control and can request deletion at any time, subject to legal obligations.
We provide comprehensive tools to manage and document client consent for recording and data processing. Consent records are securely timestamped, fully auditable, and can be withdrawn at any time, helping you maintain compliance with professional standards.
Our platform employs multiple layers of security including continuous monitoring, advanced threat protection, regular security assessments, and compliance audits. All team members undergo comprehensive security training specific to handling sensitive health data.
AI-powered therapy session management for UK professionals
© 2025 TherapyVault.ai. All rights reserved. UK Data Residency • GDPR Compliant • SOC 2 Aligned