Compliance

Kaddio is committed to building secure, transparent, and responsible software in compliance with EU regulations. This includes GDPR, EU AI Act, and MDR Class I standards.

✅ GDPR Compliant

Kaddio fully complies with the GDPR, ensuring data minimization, privacy-by-design, and secure processing. We support user rights such as access, correction, and deletion, and work only with subprocessors under signed Data Processing Agreements (DPAs).

Privacy Policy

✅ EU AI Act Compliant

Kaddio adheres to the EU AI Act by classifying AI systems by risk, ensuring transparency, and applying human oversight for AI-driven decisions. We maintain documentation and performance monitoring to promote trustworthy AI practices.

Compliance Statement

✅ Disaster Recovery Policy

Our disaster recovery policy defines backup schedules, recovery objectives, and incident communication paths to keep services available even during major disruptions. Ask us for tailored plans that align with your continuity requirements.

Policy Overview

✅ MDR Class I Compliant

Kaddio meets EU MDR Class I requirements with a documented Quality Management System (QMS), post-market surveillance, and technical documentation. Our platform ensures safety and reliability for healthcare applications.

Contact us for a signed DoC

🇸🇪 National health system Provider

Kaddio is approved by Inera to provide health data to the Swedish National Health system 1177 and NPÖ.

📜 ISO 27001 Alignment

We work in accordance with the ISO 27001 standard. While Kaddio is not yet certified, we believe this helps us ensure robust information security management practices.

Security

Kaddio employs a multi-layered approach to security, combining battle-tested technologies and best practices to protect your data.

🔐 Encryption at all times

Data is encrypted at rest with AES-256 (256-bit key length) and in transit with at least TLS 1.2. This ensures that your information remains secure against unauthorized access.

🔑 Secure Authentication

Kaddio supports Multi-Factor Authentication (MFA) and multiple European electronic IDs (eIDs) to provide an additional layer of security, ensuring that only authorized users can access sensitive data and systems.

🧑🏽‍🔬 Responsible Disclosure Program

We highly value contributions from white-hat security researchers and encourage responsible disclosure of vulnerabilities. Please contact us if you identify a security issue; we will do our best to address it promptly. Please understand that we do not pay rewards at this time.

Contact us

AI Compliance Levels

Kaddio offers flexible compliance levels specifically for AI functionality to meet different organizational requirements and regulatory needs. Choose the level that best fits your security and data residency requirements for AI processing.

🇸🇪 Sweden Sovereign - Highest Security

The highest level of data sovereignty and security with all AI services hosted and owned within Sweden. Data never leaves Swedish borders, ensuring complete control over data residency and compliance with the most stringent local requirements. Maximum data protection and sovereignty.

🇪🇺 GDPR Compliant - Highest Quality

Processing occurs within Sweden with EU data residency guaranteed. All data processing and storage remains within the European Union, fully compliant with GDPR requirements and EU data protection standards. Strong data protection within EU boundaries.

🌍 Global - Highest Quality for non-EU

Worldwide processing options for organizations with flexible data residency requirements. While still maintaining GDPR compliance and EU AI Act compliance, this level offers access to global infrastructure for optimal performance. Secure global processing with compliance standards.

AI FAQ

Where is AI data processed?

In Sweden.

What models and AIs are supported?

All OpenAI models plus Llama, MedGemma and Qwen are supported. You choose the AI jurisdiction and we determine the most suitable models based on e.g. language and type of task. For transcription and dictation, we use either OpenAI's open-source Whisper model or Microsoft Speech Service.

How about GDPR?

All AI data is processed in Sweden. Learn more

How about EU AI Act?

Kaddio AI is compliant with the EU AI Act. We classify our AI systems by risk, ensure transparency, and apply human oversight for AI-driven decisions. We maintain documentation and performance monitoring to promote trustworthy AI practices. Learn more

How about EU MDR?

Kaddio AI is compliant with the EU MDR Class I requirements. We have a documented Quality Management System (QMS), post-market surveillance, and technical documentation to ensure safety and reliability for healthcare applications. Learn more

How about US Cloud Act?

Choose our Sweden Sovereign Cloud and you need not worry about the US CLOUD Act: at that level we do not process any AI data on US-owned infrastructure.

I am concerned about AI

Kaddio AI is an opt-in module: if you don't have the module, you don't use any AI with Kaddio. The default Kaddio is AI-free.

Are audio recordings from consultations stored?

No, audio is transcribed in real-time during the consultation and then permanently deleted.

Is my data used to train AI models?

No, we never use your data to train AI models.

Where is data stored and processed?

All transcripts and notes are stored in Europe. We never retain or store any audio recordings.

Who is legally responsible for the clinical documentation?

You are responsible for your data and for verifying the accuracy of your notes. As with all transcription methods, human or AI, errors sometimes occur. We encourage you to review your note drafts before finalizing them.