Enterprise Data Protection Policy (EDP)
Last updated: 8 March 2026
Executive summary
- ClinicalAssist stores clinician account/profile data separately from clinical case content.
- Clinician user data is stored in Firebase Authentication and Firestore user-profile records.
- Patient or clinical assessment content is cached in the clinician's browser by default, not stored as a patient record in ClinicalAssist Firestore.
- Clinical content is transmitted only when the user invokes AI analysis, follow-up AI questions, or export generation.
- AI requests are routed through Vercel AI Gateway to OpenAI and Anthropic. Those providers state API/customer data is not used for model training by default.
1. Scope
This Enterprise Data Protection Policy explains how ClinicalAssist handles:
- clinician user and organisation data
- patient or clinical assessment data entered into the workflow
- AI processing and export generation flows
- storage, retention, and governance boundaries
2. Clinician user data vs patient data
Clinician user data includes email address, display name, role, work setting, organisation, account metadata, and authentication state required to operate the service for the signed-in user.
Patient or clinical data includes the assessment content a clinician enters into the workspace, such as presenting complaint, medications, allergies, observations, social/functional history, investigations, differential outputs, and export content.
These two data classes are handled differently. User data is part of account administration. Clinical case data is treated as workflow content and is not stored as a persistent patient record in the application database.
3. Where clinician user data is stored
- Firebase Authentication manages sign-in, password reset, and Google sign-in.
- Firestore stores the user profile record used for role, location, organisation, and onboarding state.
- Firestore rules in this application restrict profile access to the authenticated user who owns that profile.
4. Where patient or clinical data is stored
In-progress clinical assessment data is saved in browser storage on the user's device so the workflow can resume without losing work.
ClinicalAssist does not store those in-progress assessments as patient records in Firestore.
This means the default persistence model for clinical case content is local browser storage on the clinician's device, not a central ClinicalAssist patient database.
5. When patient or clinical data leaves the device
Patient or clinical content is transmitted when the clinician actively uses a feature that requires server-side processing. This includes:
- AI assessment analysis
- AI follow-up questions
- document export generation such as PDF, DOC, or TXT
ClinicalAssist should therefore be described as “browser-stored by default, transmitted when requested by workflow actions”, not as “patient data never leaves the device”.
6. AI provider handling
ClinicalAssist currently routes AI requests through Vercel AI Gateway and then to OpenAI and Anthropic models.
- OpenAI states API/customer data is not used to train models by default, and its published API data controls describe retention for abuse monitoring.
- Anthropic states API/customer data is not used for model training by default and documents backend retention limits in its Privacy Center.
- Vercel documents zero data retention by default for AI Gateway, while downstream providers may still apply their own retention policies.
Enterprise customers should evaluate whether their governance permits the transmission of any patient-identifiable data to these processors and configure workforce guidance accordingly.
7. Data protection position for enterprise review
- ClinicalAssist is not acting as the organisation's longitudinal patient record.
- User identity and entitlement context are stored centrally for access and tailoring.
- Clinical case content is locally cached and only transmitted for explicit processing actions.
- Export output is generated transiently and returned to the user; this codebase does not persist export payloads in a dedicated database.
- The product should be used in line with local NHS or enterprise governance, confidentiality, and information-handling requirements.
8. Retention and deletion
- User account/profile data is retained while the account remains active, subject to support, legal, security, and operational needs.
- Browser-stored clinical workspace data remains on the user's device until it is cleared, overwritten, or removed.
- AI request retention depends on the documented policies of Vercel AI Gateway, OpenAI, and Anthropic.
9. Related policies
This policy should be read alongside the Privacy & Data Handling policy and the Cookies & Browser Storage policy.
10. Contact
For enterprise or data protection questions, contact hello@clinicalassist.io.