1. Who actually sees our callers' data?
Inside Lucid AI Labs: only Fabian Ilg (solo engineer), and only if a practice admin asks for help or a bug has to be analysed. Outside: Hetzner hosts the encrypted database in Falkenstein (sees the data only at the disk level, doesn't hold the application keys), and a few US providers process the voice and text portion in the moment of the call (Anthropic for response logic, Deepgram for speech-to-text, ElevenLabs for the voice, Telnyx for the phone line). The full list with addresses is at List of Sub-Processors.
2. Where is the data, Germany or USA?
The application data (transcripts, appointments, clinic configuration) lives exclusively in Germany, in Hetzner's Falkenstein and Nuremberg data centres. During a call, the voice stream passes through the US providers listed above (that's why the privacy policy talks about third-country transfers). But nothing permanent is stored in the US; the US providers retain nothing once the call is over.
3. Are the calls recorded?
By default, no. The voice stream is converted to text in the moment and then immediately discarded (max. 60 seconds of buffering). What gets stored is the transcript (the text). If you want a permanent audio recording for quality assurance, it has to be in the main contract, and Lina then plays an additional notice at the start of each call. If the caller says "do not record", recording stops immediately. Details: DPA § 10.3.
4. What happens to our data if we terminate the contract?
You choose: export (as a file) or delete. Standard period after contract end: 30 days for live data, another 90 days for backup snapshots. After that everything is irretrievably gone. The deletion is confirmed in text form on request. Details: DPA § 4.7.
5. A patient calls and asks "what data do you have on me?". Who answers?
You, as the practice. You are the controller under the GDPR; we are only your processor. If the request lands with us, we forward it to you within 5 working days and support you technically (e. g. with an export file of every transcript the person appears in). The formal reply to the patient comes from you, on your letterhead. Details: DPA § 4.5.
6. Emergency on the phone: what does Lina do?
Escalates to a human immediately, without hesitation. A hard-wired list of medical emergency terms ("chest pain", "shortness of breath", "unconsciousness", etc.) triggers the handover before the model even generates its own response. On top of that, the 75 % confidence threshold applies: if Lina isn't sure, it hands over. Lina does not diagnose, triage, or give medical assessments; that would be high-risk AI and is explicitly excluded. Details: DPA § 10.4.
7. Who's liable if there's a data breach?
It depends on the source. If our system is at fault (bug, misconfiguration, compromised server), Lucid AI Labs is liable. There is a Hiscox IT professional liability insurance with €500,000 cover per claim for IT risks, including data breaches. If the breach comes from your practice (e. g. compromised staff account), you are liable. With shared responsibility, it's apportioned. Details: DPA § 12 and Imprint (insurance).
8. Do we have to inform our patients in advance?
Yes, it's a statutory obligation (Art. 13/14 GDPR). You have to tell your patients that you use an AI telephone assistant, what data gets processed, and what rights they have. We provide ready-made templates for this: a notice for the reception area, a short paragraph for your own privacy policy, a phone announcement. You get these templates with the onboarding package. Details: DPA § 10.2.
9. How long are transcripts kept?
90 days by default, then automatically deleted. You can change this per practice: between 7 days (minimum useful for complaints) and 365 days (if longer retention is needed). Appointment records (name, date, concern category) stay longer because German treatment law requires longer retention periods. Details: DPA § 11.
10. Do you train your AI on our patient data?
No. We use the Anthropic API in commercial mode with an explicit contract clause that input data is not used for training. We also don't train our own model on your data. Lina is improved through system-prompt tuning and configuration, not through fine-tuning on patient transcripts. Details: Privacy Policy § 6.
11. Anthropic, Deepgram, ElevenLabs are in the USA. What about the third-country transfer?
Clean basis: for each US provider there is a signed Standard Contractual Clauses (SCC, Module 2) contract and, where the provider is certified (Anthropic, Telnyx, Vercel, Resend, Microsoft), additionally reliance on the EU-U.S. Data Privacy Framework. For each US recipient, a Transfer Impact Assessment (TIA) is also documented: we have looked at what happens if US authorities want access, and what additional measures we take. TIA documents are available on request. Details: Privacy Policy § 8.
12. Do we need a data protection officer because of the voice agent?
Practices over 20 staff handling health data already need a DSB (Datenschutzbeauftragter) regardless; Lina doesn't change that. If you're a smaller practice without a DSB so far, you'll need to assess case by case. Lucid AI Labs itself appoints an external DSB before the onboarding of the first paying clinic; until then, requests are handled directly by the controller. Details: Privacy Policy § 1.
13. In a data incident: when do you tell us?
At the latest 48 hours after awareness. You receive in writing: what happened, what data categories are affected, how many persons are likely affected, what consequences are likely, what we're doing about it. The 72-hour notification to the supervisory authority you make yourself as the controller (statutory obligation); we provide you with all the information you need for that. Details: DPA § 6.
14. What's the difference between the Privacy Policy and the DPA?
The Privacy Policy is for everyone who visits our website or talks to Lina, so callers and website visitors. It's the mandatory GDPR information notice and says what happens with personal data. The DPA (Data Processing Agreement) is only between you as the practice and us as the service provider; it governs contractually how we process your patient data on your behalf. Both exist in DE and EN, both apply alongside each other.
15. Who actually does your compliance: lawyer? Audit?
Honest answer: The legal foundation (DPA, Privacy Policy, Imprint, TOMs) was drafted by Lucid AI Labs itself with reference to current supervisory authority guidelines (BayLDA, EDPB, German IT-Grundschutz/BSI), the AI Act, and § 203 StGB. If you need a third-party compliance stamp for your clinic (e. g. ISO 27001 for a tender), we're happy to talk about a custom audit package. A formal ISO/IEC 27001 certification for Lucid AI Labs itself is not currently in preparation; the effort only pays off above a certain customer count. Hetzner as our host is ISO 27001 certified.
Direct contact
Question not answered? Send it directly to [email protected]. Answer within one working day, in normal language, no legalese.