Compliance & Data Protection
Built for four
privacy regimes,
by design.
Cross-border medical care means cross-border data. GISELLO is engineered against the strictest of GDPR, UAE PDPL, CCPA/CPRA, and HIPAA at every step, and audited against all four.
GDPR · UK GDPR
EU data residency · DPA available
UAE PDPL
DHA pathway · Dubai jurisdiction
CCPA · CPRA
No sale of PI, ever
HIPAA-aligned
BAA on request · zero retention mode
What we collect, why, and for how long
The data inventory.
Identity
Name, email, phone, country
Account & contact
Until you delete
Medical records
Labs, imaging, clinical notes
Brief generation & matching
Until you revoke
Outcomes
30d, 6m, 12m follow-up data
Quality assurance
De-identified, indefinite
Logs
Access, share, revoke events
Audit trail
7 years (regulatory)
Your rights
Six things you can do, any time.
Access
Request a full copy of everything we hold on you, in machine-readable form.
Rectify
Correct any inaccuracy in your records, we update upstream copies on your behalf.
Erase
Delete your Vault and supporting data within 30 days, except where law requires retention.
Restrict
Pause processing for any specific use case while you decide.
Port
Export to FHIR bundle, PDF, or to another provider you choose.
Object
Decline any specific processing, including AI inference, at any time.