Bodo Tech

GDPR-Compliant: How Paira Protects Patient Data

Tags: GDPR, Data Privacy, Security, On-Premise

The Elephant in the Room: AI and Patient Privacy

Every dental practice owner considering AI technology faces the same fundamental question: Can I trust this with my patients' data?

It is the right question to ask. Patient health information is among the most sensitive data categories under European law. The General Data Protection Regulation (GDPR) -- known as DSGVO in Germany -- imposes strict requirements on how this data is collected, processed, stored, and transmitted. Violations carry fines of up to 20 million euros or four percent of annual global turnover.

When we designed Paira, we did not treat data protection as an afterthought or a compliance checkbox. We made it the foundation of every architectural decision. Here is how.

On-Premise First: Your Data, Your Premises

The single most important privacy decision we made was placing Paira's core processing physically inside your practice. The dedicated Mac Studio M4 Max that powers the AI sits on your shelf, connected to your local network, under your physical control.

When a patient speaks to Paira, their voice is processed locally. When personal information is exchanged, it stays on your hardware. When appointment details are managed, the data flows between Paira and your practice management system over your local network -- never traversing the public internet for core operations.

This is not a marketing distinction. It is an architectural guarantee. Cloud-only AI solutions, by definition, transmit patient data to external servers for processing. Even with encryption in transit, this creates additional attack surfaces, jurisdictional risks, and dependency on third-party security practices. Our on-premise approach eliminates these vectors entirely for core data processing.

Encryption: Military-Grade, No Compromises

Every piece of data that Paira handles is encrypted using AES-256-GCM -- the same encryption standard used by military and intelligence agencies worldwide. This applies to data at rest on the local hardware and to any data that moves between system components.

All network communication uses TLS 1.3, the latest and most secure transport layer security protocol. We do not support TLS 1.2 as a fallback for backward compatibility, and we certainly do not support any deprecated protocols. Older, weaker encryption standards are explicitly blocked at the system level.

For password hashing and credential storage, we use Argon2id -- currently considered the gold standard by the cryptographic community. No MD5, no SHA-1, no legacy algorithms that have known vulnerabilities.

EU-Only Cloud: When Data Crosses the Network

Certain AI functions, particularly large language model inference for complex conversational understanding, require cloud computing resources that exceed what on-premise hardware can deliver. For these specific functions, Paira connects to cloud services.

Every cloud service in our stack is hosted exclusively within the European Union. Our primary provider operates through AWS Bedrock in the Frankfurt region. Our fallback providers -- Azure and Mistral AI -- also operate from EU data centres. This is not a configuration option; it is hardcoded into our infrastructure.

Why does EU hosting matter? Under the GDPR, transferring personal data outside the European Economic Area requires special legal mechanisms (such as Standard Contractual Clauses or adequacy decisions). The US, in particular, has been the subject of ongoing legal challenges regarding data protection adequacy (see Schrems I and Schrems II rulings). By keeping all cloud processing within the EU, we avoid these complexities entirely.

Zero Data Retention in the Cloud

When Paira sends data to cloud services for AI processing, we enforce a zero-retention policy. This means the cloud provider processes the request and returns a response, but does not store the input data, the output, or any derived information. There are no training datasets being built from your patients' conversations. There are no logs retained on cloud servers containing patient information.

This zero-retention approach is contractually guaranteed with our cloud providers and technically enforced through our API configuration. It is verifiable and auditable.

Comprehensive Audit Logging

The GDPR and German healthcare regulations (KBV-IT-Sicherheitsrichtlinie) require that medical practices maintain detailed records of who accessed what data and when. Paira implements comprehensive audit logging that tracks every security-relevant event:

  • Authentication events: Every login, logout, and failed access attempt
  • Data access: Every instance of patient data being read, written, or modified
  • System changes: Configuration modifications, software updates, service restarts
  • Security events: Anomalous access patterns, failed authentication attempts, potential threats

All logs are timestamped in ISO 8601 format (UTC), immutable once written, encrypted at rest, and retained for a minimum of one year as required by German audit standards. Access to log data is itself logged and restricted to authorised administrators.
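The page states that log entries are immutable once written but not how that is enforced. The following is an added illustration, not Paira's code: it assumes one common approach, chaining each entry to the SHA-256 of its predecessor so that any later edit or deletion is detectable on verification, records the four event categories listed above with ISO 8601 UTC timestamps, and logs reads of the trail itself. Encryption at rest is not shown, and the actor names and patient id are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone
def _digest(body):
    # Canonical JSON (sorted keys) so verify() recomputes exactly the same bytes
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only trail: each entry stores the SHA-256 of its predecessor,
    so editing or deleting any stored record breaks the chain on verify()."""
    GENESIS = "0" * 64  # 'previous hash' of the very first entry
    def __init__(self):
        self._entries = []

    def record(self, category, actor, action, outcome="ok", **details):
        prev = self._entries[-1]["hash"] if self._entries else self.GENESIS
        body = {
            "ts": datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
            "category": category,  # auth | data_access | system | security
            "actor": actor, "action": action, "outcome": outcome,
            "details": details, "prev": prev,
        }
        self._entries.append({**body, "hash": _digest(body)})
        return self._entries[-1]["hash"]

    def read(self, reader):
        # Reading the trail is itself a logged data-access event
        self.record("data_access", reader, "audit_log.read")
        return list(self._entries)

    def verify(self):
        """(True, None) if intact, else (False, index of the first bad entry)."""
        prev = self.GENESIS
        for i, e in enumerate(self._entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False, i
            prev = e["hash"]
        return True, None

def demo():
    # Constructed scenario: three events, then an edit that hides a failed login
    log = AuditLog()
    log.record("auth", "dr.schmidt", "login")
    log.record("data_access", "reception", "patient.read", patient_id="P-0001")
    log.record("auth", "unknown", "login", outcome="failed", reason="bad_password")
    intact_before, _ = log.verify()
    log._entries[2]["outcome"] = "ok"  # simulate tampering with the stored record
    intact_after, first_bad = log.verify()
    return intact_before, intact_after, first_bad
```

In a real deployment the chain head would be anchored outside the writable store (for example, periodically signed and copied off-box), since an attacker who can rewrite every entry can also rewrite the chain.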

Data Minimisation: Collecting Only What Is Needed

The GDPR's principle of data minimisation requires that only data necessary for the specific purpose is collected and processed. Paira is designed to collect the minimum information required to fulfil its reception function.

For appointment scheduling, it collects the patient's name, contact information, and treatment type -- nothing more. For check-in, it verifies identity and updates arrival status. It does not build patient profiles, track behaviour patterns, or create marketing datasets.

Data that is no longer needed for its original purpose is deleted automatically according to configurable retention schedules. Patients' right to data deletion under GDPR Article 17 is supported through straightforward administrative controls.

Access Control and Authentication

Access to Paira's administrative functions is protected by multi-factor authentication and role-based access control. Different staff members see different levels of information based on their role -- a receptionist sees scheduling data, while system configuration is restricted to practice administrators.

There are no shared passwords, no default credentials, and no backdoors. Every administrative action is attributed to a specific user and logged in the audit trail.

Compliance by Design, Not by Accident

Paira's data protection architecture was not retrofitted after development. It was designed in from the beginning, following the GDPR's principle of Privacy by Design and by Default (Article 25). Every feature, every integration, every data flow was evaluated for privacy impact before implementation.

We follow the BSI IT-Grundschutz baseline protection methodology, maintain alignment with ISO 27001 information security management standards, and design for compatibility with the KBV IT security guidelines specific to German medical practices.

This is not a theoretical exercise. It is the reason Paira can operate in one of the most regulated healthcare environments in the world -- and why practice owners can deploy it with confidence.

Frequently Asked Questions

Does Paira send patient data to servers outside the European Union?

No. All cloud services used by Paira are hosted exclusively within European Union data centres. Our primary AI provider operates through AWS Bedrock in Frankfurt, Germany, with EU-based fallback providers. Patient data never leaves EU jurisdiction, eliminating the legal complexities associated with international data transfers under GDPR.

How does Paira handle the GDPR right to data deletion?

Paira supports the right to erasure (Article 17) through administrative controls that allow authorised staff to delete all stored data associated with a specific patient. The system also implements automatic data deletion based on configurable retention schedules, ensuring that data is not kept longer than necessary for its original purpose.

What happens to patient data if the internet connection is lost?

Core patient data processing occurs entirely on-premise on the dedicated Mac Studio hardware within your practice. An internet outage does not expose or compromise any patient data, as the local system continues to operate independently. Cloud connectivity is only used for advanced AI processing, and no patient data is cached or retained by cloud services.

Is Paira certified under any specific data protection or security standard?

Paira is built following BSI IT-Grundschutz methodology and aligns with ISO 27001 information security management principles. The system is designed for full compliance with the KBV IT security guidelines for German medical practices. As a newly launched product, formal certification processes are underway, and our architecture was designed from the ground up to meet these rigorous standards.