Security & compliance
Built for your risk, DPO & IT teams
MedChat indexes only your publicly available website content — it never touches patient records or insurance data. Everything below reflects how the product is designed; production deployment is always subject to your DPO's approval.
GDPR by design
A Data Protection Impact Assessment is completed. Only public content is indexed — no patient records, no insurance data. Full data-subject rights, including erasure.
EU data residency
Your data stays in the European Union. A private-cloud (dedicated) deployment is available for hospitals that require it.
EU AI Act — limited-risk
Self-assessed as a limited-risk information system (transparency obligations). It is not a medical device and performs no diagnosis or triage. Strong governance controls are applied voluntarily.
Voice privacy
Voice audio is not stored — only redacted transcripts are retained.
Auditability
Every safety decision and access event is logged for traceability.
Built on SNOMED CT
A public clinical-terminology standard (Belgian Edition) bridges patient wording and clinical terms — not a proprietary black box.
Honest by default: where a standard is a target rather than a held certification, we say so. We design to be auditable against recognised information-security controls.