It’s no joke.

Safety

Go to Trust Centre
Dropdown
Here are badges relevant to your country:
Iso logoGdpr logoHipaa logopipeda logopipaphipa logophia logoquebec  privacy act logonhs logoapp logoCyber essentials certified logoBage Icon
World Map

Built by clinicians.‍

‍Impossibly secure.

Seriously.

ONLY AT HEIDI

Your data's privacy, security, and compliance are not just commitments but the essence of our service. Our proactive and advanced measures ensure that your information remains protected, transparent, and within your control.

Compliance

Setting new standards in data handling

Specialized and Secure Data Handling

Heidi employs a highly secure specialized transcription process, ensuring no recordings and patient information are stored at any point.

Card Gradiant
Advanced Processing and Storage

Data is processed through customised Large Language Models (LLMs) and stored in privately hosted servers. Our systems are ISO27001, SOC2 and HIPAA compliant, featuring robust encryption protocols both at rest and in transit to protect medical information.

Card Gradiant
Trust Centre

For a higher level understanding of our security posture and maturity please check out our Trust Centre - our centralised hub for Heidi's security and compliance information. Here you can see our commitment to data, privacy and infrastructure and product security.

Card Gradiant

Processing medical data is just about the most sensitive thing you can do. We understand. That's why we pride ourselves on being responsible stewards for your data.

Go to Trust Centre
Security

You wouldn't leave your door unlocked

Advanced Protection

We employ comprehensive security measures, including sophisticated encryption and secure server infrastructure, to guard against unauthorized access and data breaches.

Responsible Data Handling

Data is handled and stored with stringent protocols, utilizing de-identification and pseudonymization tools for anonymity in business improvement and analysis.

Continual Improvement

We adapt our security measures in response to emerging threats and technological advancements. Staff training is pivotal, ensuring every team member is versed in the latest security protocols and secure coding techniques.

Privacy

Uncompromising,
transparent,
responsible.

Data Collection

Only essential personal and health information is collected in strict compliance with international privacy regulations such as HIPAA and GDPR ensuring the utmost confidentiality and security for our users.

Data collection image

Uncompromised Security

Data is stored locally, safeguarded by advanced security measures like de-identification techniques, regular system audits, real-time security monitoring, and penetration tests to prevent unauthorized access or misuse.

Shild with plus image

Transparency and Trust

We champion transparency and give you full control over your data, with rights to access, correct, delete or raise concerns. Our practices are continually refined to stay in sync with the latest privacy standards.

Hand blue image

FAQs

Are you medico-legally approved?

At Heidi, we actively collaborate with insurers and industry bodies to ensure our compliance with the responsible and ethical use of artificial intelligence in healthcare. This collaboration facilitates our standing on how to equip clinicians with the necessary tools and resources to obtain informed consent from patients, and reinforces the need to review all outputs to ensure they meet medical legal standards. With our commitment to best practices, we help you manage the risks associated with using AI in healthcare.

Do you sell data to third parties?

Absolutely not. At Heidi, we hold a strong commitment to your privacy and security. We never engage in the practice of selling patient or clinician data to anyone. Your data is safe and strictly confidential.

Where is my data stored?

We understand the importance of data security and privacy and we're committed to safeguarding your information. We have implemented data localization solutions for customers located in Australia, Canada, US, and UK, with strict adherence to jurisdiction specific standards, including HIPAA, GDPR, PIPEDA, PHIPA, and PIPA. This means that if you are located in Australia, Canada, US, or the UK, your data stays where you are.

Who has access to the consult information?

Only you have access to your consultation information. The clinical notes are live-generated from the recording between you and your patient, and delivered exclusively to you. We adhere to the least privileged access principle, meaning that only the minimum necessary access is granted to perform the required tasks for the purpose of service provision,further safeguarding your information.

How long will the recordings and patient notes be stored?

At Heidi, recordings you uploaded or made during your consultation are never stored. We also offer you the flexibility to review patient note outputs for as long as you wish before your deletion. You can either opt to keep them indefinitely or set them to be automatically deleted after a specified period of time. You can manage your preferences for your visit through your account settings page. For more detailed information about how we handle, store, and secure your data, please refer to our Privacy Policy Page.

Learn more about privacy at Heidi

It’s no joke.