GDPR information sheet
Last updated: 24 May 2026
1. Roles: who is controller?
- BetterCall as operator: For account, product data tied to your login, infrastructure logs, and platform security, BetterCall.ie typically acts as a controller (or joint controller where agreed in writing with a partner).
- Clinical teams: For patient names, identifiers, notes, threads, and tasks entered in team workspaces, the healthcare organisation and treating clinicians usually act as controllers for clinical care. BetterCall provides the processing environment and should be treated as a processor (or sub-processor) for that clinical content unless a separate agreement states otherwise.
2. Special category data (Article 9)
Health data and related categories receive extra protection under the GDPR. Teams features are only appropriate where an appropriate Article 9 basis applies (for example explicit consent and/or provision of health care under national law). In-app notices are educational and do not transfer legal liability to BetterCall.
3. Data minimisation and purpose limitation
Enter only the patient information necessary for the clinical task. Use pseudonyms or initials where your local policy allows. Clinical AI in team workspaces is intended for care documentation on pilot-approved teams; do not use general reference or job tools for identifiable patient data.
4. Clinical records vs team chat
Clinical threads and patient context are stored in Firestore in the EU (eur3) and are readable by authorised members of your team for handover. Team chat may offer end-to-end encryption (beta): where enabled, message content may be stored as ciphertext; we are not designed to read those bodies. Metadata (membership, timestamps, sender identifiers) may still be processed like other database fields.
5. Location and subprocessors
Clinical patient data for pilot teams is stored in Google Cloud Firestore (EU, eur3). Clinical AI uses Vertex AI in the EU under the Google Cloud DPA. Teams share cloud infrastructure; access is separated logically by team membership and pilot approval. Non-clinical subprocessors (for example Netlify for hosting) may process technical logs; where data leaves the EEA we rely on vendor safeguards (including Standard Contractual Clauses) as offered at the time of processing.
6. Data subject rights
Individuals have GDPR rights including access, rectification, erasure, restriction, portability, and objection, subject to exemptions (for example statutory retention of medical records). Patients should normally contact their care provider first. You may contact privacy@bettercall.ie for platform-held copies or technical assistance where we are not prevented by law.
7. Supervisory authority
If you are in Ireland, you may contact the Data Protection Commission: www.dataprotection.ie.
8. Contact
Privacy: privacy@bettercall.ie. General: conor@bettercall.ie.