Privacy. Heidi.

Built by clinicians.
Impossibly secure.

At Heidi Health, your data's privacy, security, and compliance are not just commitments but the essence of our service. Our proactive and advanced measures ensure that your information remains protected, transparent, and within your control.


Setting new standards in data handling.

Specialized and Secure Data Handling

Heidi employs a specialized transcription process, ensuring no recordings or patient information are stored.

Advanced Processing and Storage

Data is processed through customised Large Language Models (LLMs) and stored on privately hosted servers. Our systems are ISO 27001 and HIPAA compliant, featuring robust encryption protocols both at rest and in transit to protect medical information.

Trust Centre

For a higher-level understanding of our security posture and maturity, please check out our Trust Centre. Here you can see our commitment to data, privacy, and infrastructure and product security.

Processing medical data is just about the most sensitive thing you can do. We understand. That's why we pride ourselves on being responsible stewards for your data.


You wouldn't leave your door unlocked.

Advanced Protection

We employ comprehensive security measures, including sophisticated encryption and secure server infrastructure, to guard against unauthorized access and data breaches.

Responsible Data Handling

Data is handled and stored with stringent protocols, utilizing de-identification tools for anonymity in business improvement and analysis.

Continual Improvement and Staff Training

We adapt our security measures in response to emerging threats and technological advancements. Staff training is pivotal, ensuring every team member is versed in the latest security protocols and best practices.



Data Collection

Only essential personal and health information is collected, in strict compliance with international privacy regulations such as HIPAA and GDPR, ensuring the utmost confidentiality and security for our users.

Uncompromised Security

Data is stored locally, safeguarded by advanced security measures like de-identification techniques, regular system audits, and penetration tests to prevent unauthorized access or misuse.

Transparency and Responsibility

We champion transparency and give you full control over your data, with rights to access, correct, or raise concerns. Our practices are continually refined to stay in sync with the latest privacy standards.


Are you medico-legally approved?

Yes, here at Heidi we ensure that we comply with guidance information released by Medical Defence Organisations (MDO) and provide doctors with all the relevant tools and materials to obtain consent from patients. Guidance from MDA National-

Where is my data stored?

We understand the importance of data security and privacy, and we're committed to safeguarding your information. Currently, your data is stored securely in Australia, with strict adherence to global standards including HIPAA, GDPR, PIPEDA, PHIPA, and PIPA. Additionally, understanding the importance of data sovereignty, we're actively working towards implementing data localization solutions which will enable you to store your data locally to your jurisdiction. To find out the current status of our data localization efforts, please reach out to a member of our friendly team.

Who has access to the consult information?

No one else has access. Only you will receive the clinical notes generated from the recording.

How long will the recordings and patient notes be stored?

At Heidi, consult recordings are never stored unless you opt in to save your consult voice recording. We also give you the opportunity to review patient note outputs however long you wish prior to deletion. You can access both the consult voice recording opt-in and the length of time patient information is stored in your account settings page. You can also find more detailed information about how we handle, store, and secure your data in our Privacy Policy here.

Learn more about
privacy at Heidi.

It's no joke.