Pilot 2026Fertility + Aesthetics10 patientsfounder-led, €0Book a 30-min intro call ›
Compliance & Data Protection

Built for four
privacy regimes,
by design.

Cross-border medical care means cross-border data. GISELLO is engineered against the strictest of GDPR, UAE PDPL, CCPA/CPRA, and HIPAA at every step, and audited against all four.

GDPR · UK GDPR
EU data residency · DPA available
UAE PDPL
DHA pathway · Dubai jurisdiction
CCPA · CPRA
No sale of PI, ever
HIPAA-aligned
BAA on request · zero retention mode
What we collect, why, and for how long

The data inventory.

Identity
Name, email, phone, country
Account & contact
Until you delete
Medical records
Labs, imaging, clinical notes
Brief generation & matching
Until you revoke
Outcomes
30d, 6m, 12m follow-up data
Quality assurance
De-identified, indefinite
Logs
Access, share, revoke events
Audit trail
7 years (regulatory)
Your rights

Six things you can do, any time.

Access

Request a full copy of everything we hold on you, in machine-readable form.

Rectify

Correct any inaccuracy in your records, we update upstream copies on your behalf.

Erase

Delete your Vault and supporting data within 30 days, except where law requires retention.

Restrict

Pause processing for any specific use case while you decide.

Port

Export to FHIR bundle, PDF, or to another provider you choose.

Object

Decline any specific processing, including AI inference, at any time.