Certifications and Compliance
GDPR Compliance
Autoscriber is fully committed to GDPR compliance and to safeguarding the privacy of personal data across all our services. We adhere to robust privacy standards grounded in our privacy policy and supported by the following measures.

Data Management & Storage Practices

We operate under a strict policy of data minimisation. Audio from consultations is never stored, and transcript and summary retention is limited strictly to the session, and only until the end user deletes it. In integrated deployments (e.g., with EHR systems), no transcripts or summaries are stored at all. All stored data is located within the EU at all times.

Encryption & Secure Infrastructure

Our platform ensures end-to-end encryption, safeguarding data both at rest and in transit. We maintain secure cloud infrastructure partnerships with Microsoft Azure and Google Cloud, and employ regular penetration testing and vulnerability assessments to continuously fortify our systems.

Supplier Governance

We apply a rigorous procurement policy. Any vendor entrusted with customer or patient data must be GDPR-compliant and hold at least ISO 27001 certification. They are also subject to quarterly reviews for uptime and security incident monitoring.

Access Control & Personnel Training

Data access is strictly limited to end users only. Internal staff cannot access consultations belonging to other users. In rare cases (e.g., for troubleshooting), access may be granted temporarily, but only with explicit permission from the end user. We offer multi-factor authentication (MFA) for standalone application access, while integrations commonly use your EHR's single sign-on (SSO) capability.

Governance & Transparency

Our practices are formalised in our privacy policy, which clearly outlines what data we collect, why, how long it is retained, and how users can manage their data rights (e.g., deletion, correction, export, objection). Autoscriber processes personal data only as long as necessary, in accordance with legal or operational requirements, and provides transparent mechanisms for exercising data rights. We process data under lawful bases such as consent (e.g., for product improvement), legal compliance, fraud prevention, customer support, and analytics limited to what is strictly needed.