CliniVoice AI is designed from the ground up for the security requirements of UK healthcare. Your patients' data never leaves UK infrastructure.
Our certifications and compliance framework
How your patient data flows through our system
Audio files are sent to Groq Whisper (SOC 2 Type II certified) for transcription. They are deleted from Groq's servers immediately after transcription. Audio is never stored on our servers.
Clinical transcripts and formatted letters are stored encrypted in Supabase's EU West (London) region. Data is protected by row-level security — only you can access your records.
Letters are retained for 8 years per the NHS Records Management Code of Practice. You can delete your data at any time from Settings. Account deletion purges all data within 30 days.
Technical measures protecting your data
The AI models we use and how patient data is handled in each
| Service | Purpose | Data Sent | Location |
|---|---|---|---|
| Groq Whisper Large v3 Turbo | Speech-to-text (primary) | Audio — deleted immediately per Groq DPA | USA (SCCs) |
| Google Gemini | Text formatting only | Text transcript only — no audio | Global |
| Supabase | Database & Auth | Transcripts, letters, user accounts | EU-West (London) |
Our certification roadmap
| Certification | Details | Status |
|---|---|---|
| ICO Registration | Application in progress | Roadmap |
| GDPR Article 9(2)(h) | Health data processing for medical purposes | Active |
| NHS Records Management Code | 8-year clinical record retention | Active |
| UK GDPR / Data Protection Act 2018 | Full compliance | Active |
| Cyber Essentials | Planned certification | Roadmap |
| ISO 27001 | Information security management | Roadmap |
| NHS DSP Toolkit | Data Security and Protection | Roadmap |
| DTAC Assessment | Digital Technology Assessment Criteria | Roadmap |
Common compliance and security questions
We respond to procurement and information governance requests within 2 business days.