Where is my data stored, and how does DigitalTCO stay GDPR compliant?

At DigitalTCO, data protection and GDPR compliance are absolutely central to how we operate. Our platform was designed from day one with privacy by design and privacy by default, ensuring every process meets β€” and often exceeds β€” the legal and technical requirements of GDPR.

🌍 Data Storage Locations

All data is securely stored within the Google Cloud Platform (GCP) β€” specifically across UK, EU, and US data centres.

These data centres are operated under legally binding data protection frameworks, including:

  • UK GDPR and EU GDPR (for UK/EU data residency)
  • The EU–US Data Privacy Framework, which governs and safeguards transatlantic data transfers

Google Cloud is a certified participant under this framework, ensuring that any data processed or stored in the US is protected to the same standard as data held in the UK or EU.

πŸ” Encryption and Security

All records β€” including clinical notes, audio files, and account data β€” are:

  • Encrypted at rest (AES-256)
  • Encrypted in transit (TLS 1.2+)

This means your data is protected both when it’s stored and when it’s moving.

Access to data is controlled through role-based permissions, multi-factor authentication, and comprehensive audit logging to ensure complete traceability and accountability.

πŸ“œ Legal and Compliance Framework

DigitalTCO maintains a Data Processing Agreement (DPA) with Google under Article 28 of the GDPR.

This means both DigitalTCO and Google are legally bound to maintain compliance, security, and confidentiality at all times.

Google Cloud also holds globally recognised certifications, including:

  • ISO 27001 – Information Security Management
  • ISO 27017 – Cloud Security Controls
  • ISO 27018 – Protection of Personal Data in the Cloud

These certifications provide independent verification that Google’s infrastructure meets the highest international standards for data security and privacy.

🧭 Our Internal Policies

Internally, DigitalTCO enforces strict data minimisation and principle-of-least-privilege policies.

Only authorised personnel with legitimate operational needs can access data, and all access is logged and regularly reviewed.

Encrypted backups and redundancy ensure business continuity and disaster recovery without compromising privacy.

πŸ‘₯ Your Rights Under GDPR

We believe in transparency and control. Every DigitalTCO user has the right to:

  • Access their data
  • Request corrections or updates
  • Export their data
  • Request deletion of their data

These rights are fully supported under Articles 15–20 of the GDPR.

πŸ“„ Read Our Full Privacy Policy

For complete details on how we collect, store, and protect your data, you can read our full policy here:

πŸ‘‰ DigitalTCO Privacy Policy

βœ… In summary

  • Data is stored securely across UK, EU, and US Google Cloud regions under GDPR-compliant frameworks.
  • Every record is encrypted, access-controlled, and auditable.
  • Legally binding agreements ensure compliance across all regions.
  • The entire system is built to meet and exceed healthcare-grade GDPR standards.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.