GDPR Compliant, HIPAA Compliant, ISO 27001 Certified, SOC 2 Type II, PCI DSS Compliant
Copyright © 2026 Clinic Assist Ltd. All Rights Reserved.

Compliance & Data Security

GDPR, CQC & Data Security for Clinics

Using AI in your clinic comes with compliance responsibilities. Clinic Assist is built from the ground up to meet UK healthcare regulations — so you can focus on patients, not paperwork.

ICO Registered
GDPR Compliant
CQC Ready
UK Data Residency

GDPR Compliance

Clinic Assist is fully GDPR-compliant. All patient data is processed lawfully, stored securely within the UK/EEA, and never shared with third parties without consent. We are registered with the ICO and maintain a full Record of Processing Activities (RoPA).

  • Data processed on a lawful basis (legitimate interest or consent)
  • Right to access, rectify and erase patient data
  • Data breach notification within 72 hours
  • ICO registered data controller

CQC Readiness

Our AI reception service is designed to support CQC-regulated practices. We help clinics meet the Safe, Effective, Caring, Responsive, and Well-led standards by ensuring no patient call is ever missed.

  • Full call recording and audit trail
  • Escalation protocols to human staff
  • Accessible service design for all patients
  • Documented clinical escalation pathways

Data Security

All data transmitted through the Clinic Assist platform is protected by enterprise-grade encryption and access controls. Our infrastructure runs on AWS with multi-layered security.

  • End-to-end TLS 1.3 encryption for all calls
  • AES-256 encryption for data at rest
  • Role-based access control (RBAC)
  • Multi-factor authentication for all staff accounts

Data Residency

Patient data is stored within the United Kingdom and European Economic Area. We do not transfer data outside of these regions, ensuring full compliance with UK GDPR and EU GDPR requirements.

  • UK and EEA data residency only
  • AWS UK regions for all data storage
  • No offshore processing of patient data
  • Standard Contractual Clauses (SCCs) where applicable

Contractual Protections

Every Clinic Assist customer receives a Data Processing Agreement (DPA) as part of their subscription. This clearly defines our role as data processor and your clinic's role as data controller.

  • Data Processing Agreement (DPA) included
  • Clear data controller/processor responsibilities
  • Sub-processor list available on request
  • Annual review of contractual obligations

Call Handling Compliance

Our AI voice agents are trained to handle calls in accordance with healthcare communication best practices. All calls are recorded, transcribed, and stored securely for audit purposes.

  • All calls recorded with consent notification
  • Transcriptions stored for 12 months
  • Full export available for Subject Access Requests (SARs)
  • Automatic deletion schedules configurable


Questions About Compliance?

Talk to our team.

Our team can walk you through data processing agreements, security architecture, and how Clinic Assist fits within your existing compliance framework.
