GDPR Compliance

Our Approach

ZovoNotes is built with GDPR in mind from day one. Audio recordings are sent encrypted (TLS) to our UK processing servers, processed in real-time, and deleted straight away. We minimise data retention and our DSPT submission is in progress.

How Data Flows

When a clinician records a consultation, the audio is captured in the browser and transmitted encrypted to our processing servers. The AI generates a transcript and structured clinical notes, which are returned to the clinician's browser. Audio is deleted from our servers immediately after processing. Generated notes are stored only in the clinician's browser localStorage.

Article 5 — Processing Principles

• Lawfulness: Processing is performed with the consent of the healthcare provider under a data processing agreement.
• Purpose limitation: Data is processed solely for clinical documentation generation.
• Data minimisation: Audio is deleted immediately after processing. No long-term patient data storage.
• Storage limitation: Server-side retention is limited to the duration of processing (seconds). Client-side retention is controlled by the clinician.
• Integrity & confidentiality: TLS encryption in transit. UK-hosted processing infrastructure.

Data Processing Agreement

As Infonova Solutions processes clinical data on behalf of healthcare providers, a Data Processing Agreement (DPA) is available on request. We also provide documentation to support your Data Protection Impact Assessment (DPIA).

NHS DSPT Alignment

Our NHS DSPT submission is in progress. Contact us for the latest status or to request our security documentation.

Contact

For GDPR-related enquiries, contact our Data Protection Officer at contact@zovonotes.com.

Infonova Solutions Ltd, Company No. 16314069, Leicester, United Kingdom.