GDPR Compliance

Last updated: May 17, 2026

Overview

EHR Copilot Inc. is committed to compliance with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, for users located in the European Economic Area (EEA). This page describes our data practices and your rights under GDPR.

Data Controller

For personal data processed in connection with your use of EHR Copilot, the data controller is:

EHR Copilot Inc.

Email: dpo@ehr.life

Website: ehr.life

Legal Basis for Processing

  • Contract performance — Processing necessary to provide the Service you signed up for.
  • Legitimate interests — Security monitoring, fraud prevention, and platform improvement.
  • Legal obligation — Where required by applicable law.
  • Consent — For optional analytics or marketing communications, which you can withdraw at any time.

Your Rights Under GDPR

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email dpo@ehr.life. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Data Transfers

If your data is transferred outside the EEA (e.g., to US-based cloud providers), we ensure appropriate safeguards are in place via Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Retention

Personal data is retained only as long as necessary for the purposes collected. Session and clinical content data is retained for 90 days; account data is deleted within 30 days of account closure.

Contact the DPO

Our Data Protection Officer can be reached at dpo@ehr.life.