[l5t]

You're absolutely right, we should have been much more upfront with the privacy/security aspect of the product and add this link to the post: https://www.nabla.com/blog/privacy-security/

I hope this link will clarify our position.

Here are additional answers related to your points. - We do use Google Cloud to host our backend in EU or in the US but also the data for the Care Platform product. For the Copilot product, we don't host any data. They are hosted locally on the practitioner browser. - Our T&C reserves the right to re-use data in the event we will store the data in future versions of Nabla Copilot. In any case, the reuse of data, even health data, is allowed by GDPR for the improvement of the service provided if the data controller (practitioner) authorizes us and if they have informed the patient. - We did not say that "none of the data is sent outside the EU". Actually we say the opposite in the Copilot APD Annexe 1. We specifically mention Google and OpenAI and we comply with GDPR with a data protection agreement with both these companies.