Compliance & Security
Trust is not just a feature — it's our foundation.
GDPR Ireland Compliance
Our platform is strictly aligned with the Irish Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We facilitate all data subject rights including the right to access (GDPR Art 15), erasure (Art 17), data portability (Art 20), and lodge complaints with the Data Protection Commission at dataprotection.ie.
Data Residency: Supabase Dublin (EU-West-1)
At MedPro AI, patient data at rest never leaves the European Union. Our primary and backup infrastructure is in Supabase Dublin (EU-West-1), built on AWS EU-West-1.
International Transfers (EU–US Data Privacy Framework)
The large majority of processing stays in the EU. Clinical text inference runs on Google Vertex AI inside the EU and does not flow to the US. A few narrow paths reach the United States, each governed by the EU–US Data Privacy Framework adequacy decision and signed sub-DPAs. See our Transfer Impact Assessment for full safeguards.
Encryption & PHI Security
Protected Health Information (PHI) is protected with enterprise-grade security layers. We use AES-256 encryption at rest and TLS 1.3 for all data in transit.
HSE & Irish Healthcare Alignment
Designed for the Irish healthcare landscape. Our system architecture is designed to align with HSE systems, the HSE Personal Information Disclosure Standard, PCRS billing protocols, and the Irish Medical Council (IMC) regulatory framework.
EU AI Act — Brigid as Human-Oversight AI
Brigid is operated as a high-risk AI system under Regulation (EU) 2024/1689 — Annex III point 5 (decision support for healthcare) plus Annex I once the medical-device CE marking completes. We maintain documentation, transparency, logging, and human-oversight controls required under Articles 12, 14, and 50.
EU Medical Devices Regulation (MDR Class IIa)
MedPro AI is undergoing conformity assessment as a Class IIa medical device under EU MDR 2017/745, classified per Annex VIII Rule 11 (software as a medical device). See the dedicated Medical Device declaration for the current certification status and post-market surveillance approach.