Security and Data Protection

Last updated: March 2026 | AM Kairos Consulting Ltd / QuiroAds

AES-256 Encryption

All data at rest is encrypted with AES-256. Communications in transit use TLS 1.3.

GDPR Compliant

Infrastructure hosted in the European Union. We fully comply with the General Data Protection Regulation.

EU Data Residency

All patient and clinic data is stored on servers within the European Union.

99%+ Uptime

Redundant infrastructure with 24/7 monitoring and automatic alerts for any incidents.

Healthcare Compliance

HeyCAi is designed to meet the requirements of leading chiropractic associations and professional bodies in Spain and the United Kingdom:

  • GCC — General Chiropractic Council (UK)
  • GOsC — General Osteopathic Council
  • CSP — Chartered Society of Physiotherapy
  • European Union General Data Protection Regulation (GDPR)
  • Spanish Organic Law on Data Protection (LOPDGDD)

Access Control

  • Multi-factor authentication (MFA) available on all plans
  • Role-based permissions: admin, user, read-only
  • Complete audit log of all actions
  • Configurable automatic session expiry

Incident Management

  • Security breach notification within 72 hours (per GDPR)
  • Disaster recovery plan (RTO < 4 hours)
  • Daily backups with 30-day retention
  • Vulnerability reporting channel: seguridad@heycai.ai

Patient Data

HeyCAi acts as a data processor for the clinical data you handle through the platform. Your clinic is the data controller vis-à-vis your patients. We sign a Data Processing Agreement (DPA) with all our clients, available upon request at privacidad@heycai.ai.

Security Questions

If you have specific security questions, wish to review our DPA, or have found a vulnerability, contact our team at seguridad@heycai.ai. We respond within 24 business hours.

© 2026 AM Kairos Consulting Ltd / QuiroAds