EIR TEC EIR TEC Home

Last updated: 16 May 2026

Privacy Policy

EIR TEC LTD (registered in England, company no. 15309722) and EIR TEC AS (registered in Norway, organisation no. 936 876 242) are the joint data controllers for the EIR TEC platform. This page explains, in plain English, what we collect, why, and the rights you have over your data.

1. Who this applies to

This policy covers the public marketing site at eirtech.co.uk, the clinician workspace and the patient portal. Where a clinic or healthcare provider is the data controller for their patients' clinical records, EIR TEC acts as the data processor on their behalf under a written Data Processing Agreement.

2. What we collect

  • Account identity — name, work email, phone number, and the identity attributes returned by your sign-in provider (Microsoft Entra ID, Google Workspace, NHS CIS2, or passkey credential). Used to verify and contact you.
  • Operational logs — IP address, user agent, sign-in events. Retained for security, audit and incident investigation.
  • Clinical content you create — patient records, journal notes, transcripts and EEG recordings. Stored on behalf of your clinic; never used for marketing or model training.
  • Service usage statistics — tokens consumed, transcription minutes, API calls. Used for billing and capacity planning, never the content of your clinical work.

3. Where it lives

All clinical data is encrypted at rest on Microsoft Azure UK South (UK customers) and EU North (Norwegian customers). Data is logically isolated per organisation and is not shared between tenants. EIR TEC does not sell or share personal data with third parties for marketing.

4. AI processing

AI features (live transcription and journal generation) run on Azure Cognitive Services and Azure OpenAI in the same UK/EU regions. Your clinical content is never used to train foundation models. Transcripts are processed in-session and discarded unless you explicitly save them to the journal.

5. EEG data

EEG recordings collected from the at-home headband are pseudonymised at acquisition. Only anonymised signal metrics are processed by EIR's analysis engine to support diagnostic and monitoring workflows. Personally identifying EEG recordings remain inside the clinic's data tenancy.

6. Your rights

Under UK GDPR and the Data Protection Act 2018 you may at any time:

  • request access to the personal data we hold on you;
  • request correction of inaccurate data;
  • request deletion (subject to clinical record retention duties of the controlling clinic);
  • object to processing or request restriction;
  • raise a concern with the UK Information Commissioner's Office (ico.org.uk) or the Norwegian Data Protection Authority (datatilsynet.no).

7. Contact

Data protection questions: contact@eirtech.co.uk. After signing in, you can review the Data Processing Agreement that applies to your organisation in your account settings.

This document is provided for transparency. It does not replace the Data Processing Agreement signed by your clinic or organisation, which governs in case of conflict.