Does Heidi store audio from consultations?

No, Heidi transcribes audio live and never stores it. Once your visit ends, it's gone. Audio is encrypted in transit throughout. Only your transcript and notes are kept, never the audio. You're in full control: delete manually or set an auto-delete schedule so nothing lingers longer than it needs to.

Where are Heidi’s servers storing my data?

Locally. Heidi’s “brain” (aka servers) stays strictly in the region you’re based in, keeping everything in line with data localisation requirements under regulations like GDPR.

How does Heidi protect personal and health data in Europe?

Heidi is GDPR-compliant and processes health data only for the specific purpose the clinician sets. Patient data is never shared with third parties for commercial purposes, and it is never used to train Heidi's AI models. A Data Processing Agreement is available on request.

Can Heidi provide a Data Protection Impact Assessment (DPIA)?

Yes, Heidi has completed its own Data Protection Impact Assessment (DPIA), available to download through the Trust Centre. It covers data flows, storage, retention and deletion in full. If you need supporting documentation for internal approval or governance review, we can provide our DPIA alongside additional security and compliance materials as applicable.

Heidi AI

Secure your customers' data

Lawfulness, Fairness, and Transparency

We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Data Minimization

We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Consent is important, and we support clinicians in getting clear agreement from patients before using Heidi in a consultation. That’s part of the normal clinical process. From a data protection perspective, Heidi doesn’t rely on consent under GDPR. Instead, we process data on the controller’s instructions, under Article 6(1)(e) (public task) or Article 6(1)(f) (legitimate interests), and Article 9(2)(h) for health data.

Rights of the Data Subject

We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.

Data Protection by Design and by Default

We implement appropriate technical and organizational measures that ensure and demonstrate that we process personal data in compliance with GDPR. This includes measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Transfer

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Data Breach Notification

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Data Protection Officer (DPO)

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Secure your customers' data

Lawfulness, Fairness, and Transparency

We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Data Minimization

We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Rights of the Data Subject

We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.

Data Protection by Design and by Default

Data Transfer

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Data Breach Notification

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Data Protection Officer (DPO)

We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.

Frequently Asked Questions about GDPR Compliance

Yes. From ensuring your personal data remains within the EU/EEA and is protected in accordance with GDPR requirements to lawful, fair, and transparent data processing and transfer, Heidi safeguards your personal data with strict protocols and robust security measures. We use a continuous compliance management system that makes sure we are always vigilant for our GDPR compliance, instead of a point in time audit which can lead to vulnerabilities in between audits. Learn more about our GDPR compliance practices here.

Ask AI about Heidi:

Ask AI about Heidi:

GDPR

GDPR

Secure your customers' data

Lawfulness, Fairness, and Transparency

Data Minimization

Rights of the Data Subject

Data Protection by Design and by Default

Data Transfer

Data Breach Notification

Data Protection Officer (DPO)

Secure your customers' data

Lawfulness, Fairness, and Transparency

Data Minimization

Rights of the Data Subject

Data Protection by Design and by Default

Data Transfer

Data Breach Notification

Data Protection Officer (DPO)

Related articles

Automation Bias in Healthcare and Heidi

Healthcare Data Processing and Encryption at Heidi

Informed Consent in Healthcare and Heidi

Frequently Asked Questions about GDPR Compliance

Is Heidi General Data Protection Regulation (GDPR) compliant?

Does Heidi store audio from consultations?

Where are Heidi’s servers storing my data?

How does Heidi protect personal and health data in Europe?

Can Heidi provide a Data Protection Impact Assessment (DPIA)?

Related articles

Automation Bias in Healthcare and Heidi

Healthcare Data Processing and Encryption at Heidi

Informed Consent in Healthcare and Heidi

Frequently Asked Questions about GDPR Compliance

Is Heidi General Data Protection Regulation (GDPR) compliant?

Does Heidi store audio from consultations?

Where are Heidi’s servers storing my data?

How does Heidi protect personal and health data in Europe?

Can Heidi provide a Data Protection Impact Assessment (DPIA)?