Enterprise-Grade Security

Compliance & Security

Your patients trust you with their health. You can trust us with their data. Docdemic is built from the ground up with security and compliance at its core.

Compliance guides by region

Review how Docdemic supports major healthcare privacy and data protection obligations across the regions our customers ask about most.

GDPR Compliance

EU Data Protection Standards

As a Swedish company, Docdemic follows the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently.

  • Data Processing Agreements (DPA)

    Custom DPAs are available for enterprise customers.

  • EU Data Residency

    Customer data is stored in GDPR-aligned EU datacenters in Sweden and Germany.

  • Data Subject Rights

    Full support for access, rectification, erasure, and portability requests.

  • Privacy by Design

    Data protection integrated into our development process from the start.

HIPAA Compliance

HIPAA safeguards for US healthcare

Docdemic is designed to support HIPAA-regulated workflows and applies administrative, physical, and technical safeguards for Protected Health Information (PHI).

  • Business Associate Agreements (BAA)

    We sign Business Associate Agreements (BAAs) with eligible covered entities and business associates where required.

  • Administrative Safeguards

    Comprehensive policies, procedures, and workforce training programs.

  • Physical Safeguards

    Secure data centers with restricted access and environmental controls.

  • Technical Safeguards

    Encryption, access controls, audit logs, and integrity controls.

Security Measures

Multiple layers of security protect your data at every step.

Encryption at Rest and in Transit

All data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. Your data is never stored or transmitted in plain text.

Access Controls

Role-based access control (RBAC), multi-factor authentication (MFA), and SSO/SAML support for enterprise customers.

Audit Logging

Comprehensive audit trails track all access and modifications to patient data, supporting compliance and forensic requirements.

Secure Data Centers

Data is hosted in EU datacenters in Sweden and Germany. Hostup in Sweden is our primary server provider, with secondary datacenter capacity through Hetzner in Germany.

Regular Backups

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in geographically separate locations.

Incident Response

Security monitoring and documented incident response procedures (details available on request for enterprise customers).

How We Handle Your Data

You Own Your Data

All data you upload to Docdemic remains your property. We do not claim ownership of your transcriptions, notes, or any other content you create.

Your Data is Private

All data is private by default. We do not sell your data to third parties. There are no ads on the Docdemic platform.

Your Data is Not Used for AI Training

We do not use your data to train our AI models. Your transcriptions and documents are never used to improve our algorithms.

Your Data Can Be Retrieved

You can export all your data at any time in standard formats. No data lock-in; your data is always accessible.

Your Data Can Be Deleted

Upon request, we will permanently delete all your data from our systems within 30 days, in compliance with GDPR's right to erasure.

Need a Custom DPA?

Enterprise customers can request custom Data Processing Agreements tailored to their specific compliance requirements. Our legal team is ready to work with you.

  • Custom contractual terms
  • Standard Contractual Clauses (SCCs)
  • Sub-processor documentation