Privacy Policy
Last updated: 15 May 2026
1. Introduction
Welcome to MedPro AI. We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we, DJG Media Limited (trading as MedPro AI), collect, use, share, and protect your personal data when you visit our website (medproai.com), use our platform, or interact with our services.
This policy is designed to help you understand your privacy rights and how you can exercise them.
2. Who We Are and Our Roles
We are DJG Media Limited (CRO No. 762838), a company registered in Ireland with our registered office at Coliemore House, Coliemore Road, Dalkey, Dublin, Ireland. For the purposes of the General Data Protection Regulation (GDPR), our role depends on the context of our interaction with you:
- When you visit our website, contact us directly, or create an account for the MedPro AI service: DJG Media Limited is the Data Controller. We determine the purposes and means of processing your personal data.
- When a healthcare provider (our "Customer") uses the MedPro AI platform to manage patient information: The Customer is the Data Controller of the patient data, and DJG Media Limited is the Data Processor. We process this data on behalf of and under the instruction of the Customer, as governed by the Data Processing Agreement (DPA) we have with them.
This distinction is important. If you are a patient of one of our Customers, you should direct any privacy-related questions to your healthcare provider in the first instance.
3. What Data We Collect
We collect different types of data depending on your interaction with us:
- When you visit our website: We collect technical data such as your IP address, browser type, and operating system, as well as information about your browsing activity (our "Website Data").
- When you contact us or sign up: We collect your name, email address, and any other information you provide in your communications with us (our "Communication Data").
- When you use our platform: We collect account information such as your name, email address, role, and payment information (our "Account Data"). We also collect data on how you use the platform, such as features accessed and actions taken (our "Usage Data"), and we maintain detailed logs for security and auditing purposes (our "Log Data").
- When we process data for our Customers: We process patient demographic and clinical data on behalf of our Customers (our "Patient Data"). This is special category data and is handled with the highest level of security and confidentiality, as detailed in our DPA.
4. Lawful Bases for Processing
We only collect and process your personal data when we have a legal basis to do so. The purposes for which we use your data include:
- Contract fulfillment: To provide and manage the service.
- Legitimate interest: To secure and monitor our platform, communicate with you, and improve our services.
- Consent: For marketing and cookies (where required).
5. Health Data Processing (Special Category)
Your medical record is "special category personal data" under GDPR Article 9 and Irish Data Protection Act 2018 §36 + §49. We process it under the following lawful bases:
- Patient explicit consent — GDPR Art 9(2)(a) — captured via the first-sign-in consent gate in the MedYou patient app.
- Healthcare delivery — GDPR Art 9(2)(h) + Irish DPA 2018 §53 — permits processing necessary for medical diagnosis, the provision of health or social care or treatment, or management of health systems.
- Public interest in the area of public health — GDPR Art 9(2)(i) — applies to specific public-health functions (e.g. notifiable disease reporting).
Every read or write to your record is recorded in an append-only audit trail (Irish Health Act 2014 §73 patient confidentiality + audit-trail requirements, plus EU AI Act Art 12 logging for any AI inference on the record). You can request a copy of the log at any time under your GDPR Art 15 access right.
What we do NOT do with your health data: we never sell it, never use it for advertising, never train AI models on it. Sub-processors are bound by no-training and zero-retention contractual terms.
6. AI Features ("Brigid") and Patient-Controlled Permissions
Brigid is the AI assistant embedded in MedPro AI and the MedYou patient app. Brigid actions are opt-in by patient and governed by per-patient toggles the patient owns and can change at any time under Me → What Brigid can do:
- Draft letters & referrals — Brigid pre-writes outbound letters and referrals for a clinician to review and sign. Default: enabled. Legal basis: performance of the care contract (Art. 6(1)(b) GDPR) + Art. 9(2)(h) for special-category health data.
- Summarise visits — Plain-English visit recaps after each consultation. Default: enabled. Same legal bases as above.
- Send reminders — SMS/email/push reminders for appointments, repeats, screenings. Default: enabled. Legal basis: legitimate interest in continuity of care (Art. 6(1)(f) GDPR); patient may opt out at any time.
- Voice transcripts — Clinician-side audio capture to power Brigid's draft notes. Default: disabled. Requires explicit, informed patient consent (Art. 9(2)(a) GDPR). If off, the MedPro clinician app refuses to start a recording.
- Anonymised research — Sharing de-identified data with Irish primary-care research initiatives. Default: disabled. Requires explicit consent (Art. 9(2)(a) GDPR); the research processing itself relies on Art. 9(2)(j) GDPR and is governed by a separate data use agreement.
These toggles persist in our database (medyou_brigid_permissions) and are enforced at the application layer: the clinician's app reads the patient's row before each action and refuses anything the patient has switched off. Anything turned off is impossible — there is no manual override.
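The enforcement model described above (read the patient's permission row before every Brigid action, refuse anything switched off, record each decision in an append-only trail) can be illustrated with a small gate. This is an added example written for this page, not MedPro AI's own code: the table name medyou_brigid_permissions and the five toggles with their defaults come from the policy, while the column names, the in-memory stand-in for the database, the actor field and the hash chaining of audit entries are assumptions of the example.

```python
"""Added example: per-patient permission gate for Brigid actions.

Editorial example code, not MedPro AI's implementation. The table name
medyou_brigid_permissions and the toggle defaults are taken from the policy;
column names, the in-memory store and the audit hash chain are assumed.
"""
import hashlib
import json
from datetime import datetime, timezone

# Defaults as stated in section 6 of the policy.
DEFAULT_PERMISSIONS = {
    "draft_letters": True,
    "summarise_visits": True,
    "send_reminders": True,
    "voice_transcripts": False,
    "anonymised_research": False,
}

# Constructed stand-in for the medyou_brigid_permissions table (one row per
# patient, only the toggles the patient has changed). Column names are assumed.
PERMISSION_ROWS = {
    "p-001": {},                                                   # never changed anything
    "p-002": {"summarise_visits": False, "voice_transcripts": True},
}


class AuditTrail:
    """Append-only decision log. Each entry stores the hash of the previous
    entry, so an edited or deleted record breaks the chain on verification.
    (Hash chaining is an assumption of this example, not a product claim.)"""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self._prev = self.GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, patient_id, action, allowed, actor):
        body = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "patient_id": patient_id,
            "action": action,
            "allowed": allowed,
            "actor": actor,
            "prev": self._prev,
        }
        entry = dict(body, hash=self._digest(body))
        self._prev = entry["hash"]
        self.entries.append(entry)

    def verify(self):
        """Recompute the chain; False if any entry was altered or removed."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def effective_permissions(patient_id):
    """Patient overrides layered over the defaults; no row at all means defaults."""
    return {**DEFAULT_PERMISSIONS, **PERMISSION_ROWS.get(patient_id, {})}


def check_brigid_action(patient_id, action, actor, audit):
    """Read the patient's row, log the decision, return True only if allowed.
    Unknown actions are refused (deny by default) so a new feature cannot run
    before it has a toggle the patient can see."""
    allowed = effective_permissions(patient_id).get(action, False)
    audit.append(patient_id, action, allowed, actor)
    return allowed


def start_recording(patient_id, clinician, audit):
    """Clinician-side audio capture: refuses to start when voice_transcripts is off."""
    return check_brigid_action(patient_id, "voice_transcripts", clinician, audit)


if __name__ == "__main__":
    trail = AuditTrail()
    print("p-001 draft letters:", check_brigid_action("p-001", "draft_letters", "dr-001", trail))
    print("p-001 recording:", start_recording("p-001", "dr-001", trail))
    print("p-002 recording:", start_recording("p-002", "dr-001", trail))
    print("chain intact:", trail.verify())
```

The check is deliberately fail-closed: a missing row yields the policy defaults, and an action name with no toggle is refused rather than silently allowed. Because the audit entry is written before the allowed/denied branch, a refusal is recorded just like a successful read or write.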
Under the EU AI Act (Regulation 2024/1689), Brigid-assisted clinical decision support is classified as a high-risk AI system (Annex III, point 5 / safety component under Annex I when integrated with a medical device). We comply with the corresponding requirements, including transparency, human oversight, accuracy monitoring, logging, and our published AI risk-management documentation. AI outputs are decision support, not autonomous diagnosis: a registered clinician reviews and signs every clinical artefact before it is released.
8. Marketing & Outreach Communications
Non-clinical SMS, email, or in-app messages from MedYou and your clinic — health tips, product announcements, surveys — are strictly opt-in under GDPR Art 6(1)(a) and the ePrivacy Directive 2002/58/EC + Irish PECR (S.I. 336/2011).
- We never sell your contact details or share them outside MedYou and your clinic.
- Clinical reminders (appointments, prescription repeats, lab-result alerts) are not covered by this opt-in — they follow your separate Alerts settings under Me → Notifications and rely on the legitimate-interest-in-continuity-of-care basis (Art 6(1)(f) GDPR).
- One-tap unsubscribe links appear on every marketing message; you can also globally opt out under Me → What Brigid can do → Marketing & outreach.
9. Anonymised Research Use
With your explicit, optional consent (GDPR Art 6(1)(a) and, for health data, Art 9(2)(a)) and only where the study has been approved by a Research Ethics Committee under the Irish Health Act 2007, your data may contribute to clinical research in fully de-identified form.
- De-identification follows the ISO/IEC 27559:2022 standard. Names, patient IDs, contact info, addresses, dates, and any other direct or indirect identifiers are stripped before any researcher sees the data.
- Already-anonymised data cannot be linked back to you to remove — that is the point of de-identification. Going forward, opt-out under Me → What Brigid can do → Anonymised research stops any further inclusion.
- Active studies are listed under Me → Research participation when applicable.
10. Your Data Protection Rights
Under GDPR, you have several rights in relation to your personal data:
- Right to Access: Request a copy of the data we hold.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: The "Right to be Forgotten".
- Right to Data Portability: Transfer data to you or a third party.
- Right to Object: Object to processing in certain cases.
To exercise any of these rights, please contact us at dpo@medproai.com. You may also lodge a complaint with the Data Protection Commission at dataprotection.ie (Irish supervisory authority under GDPR Art 77 + Irish DPA 2018 §79).
Related legal documents
Terms of Service · Clinician Terms · Data Processing Agreement · Medical Device Declaration · Cookie Policy · Acceptable Use Policy · Accessibility Statement · Compliance Overview