Data Protection & GDPR Compliance
2Care AI Inc is committed to protecting patient health data. Our platform is built with a defense-in-depth architecture to ensure security, lawfulness, and full compliance with GDPR 2016/679.
Regulation: EU GDPR 2016/679
Issued By: 2Care AI Inc
1. Introduction & Scope
2care.ai handles sensitive patient and clinical data as a foundational commitment. This document applies to all personal data that 2care.ai processes when acting as a Data Processor on behalf of healthcare organisations (Data Controllers).
2. Roles & Accountability
2care.ai acts exclusively as a Data Processor, handling data on documented instructions from the Data Controller. We process data for core platform operations, patient engagement, and AI-supported clinical analysis.
3. Data Categories
We process identity records, contact information, and special category health data (Art. 9 GDPR), including clinical reports and diagnoses. Health data is treated as the most sensitive category on the platform.
4. Technical Safeguards
All data is protected by AES-256 encryption at rest and TLS 1.3 in transit. We enforce strict tenant isolation, MFA, and role-based access control (RBAC) at the query level.
5. Audit Logging & Retention
The platform maintains a comprehensive, append-only audit log of all events involving personal data. Logs include authentication history, record access (view/read), record creation/modification, and data exports.
Exercise Your Rights
If you have any questions regarding your data, or if you would like to exercise your rights (Access, Portability, Erasure, or Objection) as a data subject, please contact our privacy team.
Privacy Contact: support@2care.ai
Disclaimer: 2care.ai is a technology platform, not a healthcare provider or clinical service. AI-generated analysis does not constitute medical advice or a substitute for professional clinical judgement.
This document is a master statement applicable across all 2care.ai deployments. Client-specific processing details are governed by the Data Processing Agreement (DPA).