Trust Centre
Compliance built into the architecture.
Kuulo processes everything, audio, transcripts, and AI notes, on your device. There’s no server to breach and no cloud record to request. Here’s the formal compliance picture, by framework.
UK GDPR & Data Protection Act 2018
Compliant
Everything Kuulo records is processed on your device. Personal data never reaches our servers, so you, or your practice, stay the data controller throughout.
What we comply with
- UK GDPR & Data Protection Act 2018
- Processed on your device, nothing transmitted to Kuulo
- AES-256 encryption at rest (Apple Data Protection)
- DPIA completed and Records of Processing maintained
- No Data Processing Agreement needed for standard use
Request compliance documentation
Documents are provided by email, typically acknowledged within one business day.
Data Protection Impact Assessment
Full ICO-methodology DPIA: risks assessed, no residual high risk.
HIPAA · United States
Compliant · BAA available
In normal on-device use, no protected health information ever reaches Kuulo. Audio, transcripts, and notes stay on the clinician's device. A Business Associate Agreement is available for organisations that require one.
What we comply with
- HIPAA / HITECH (45 CFR Parts 160 & 164)
- No PHI sent to Kuulo, processed on-device only
- AES-256 encryption at rest (NIST SP 800-111)
- Device authentication and remote wipe (Apple Find My)
- Full Business Associate Agreement available on request
Request compliance documentation
HIPAA Compliance Analysis
US market readiness: architecture review and technical-controls checklist.
Business Associate Agreement
45 CFR §164.504(e)-compliant template with architecture disclosure.
EU General Data Protection Regulation
Compliant
Patient and client data is processed on the device only. With nothing flowing to a server, the cross-border transfer question doesn't arise.
What we comply with
- EU GDPR (Regulation 2016/679)
- On-device only, no cross-border data transfer
- AES-256 encryption at rest
- No Article 28 processor agreement needed for standard use
Request compliance documentation
EU AI Act
Compliant
Kuulo meets the EU AI Act obligations in force today and is built for those arriving in August 2026. Every AI note is clearly marked as a draft and always reviewed by a person.
What we comply with
- No prohibited AI practices (Article 5)
- AI notes clearly labelled as drafts (Article 50 transparency)
- A person reviews every AI note before use
- Models run on-device, your data is never used for training
Request compliance documentation
AI Transparency Overview
How Kuulo meets the Act's transparency, human-oversight, and data-governance principles.
CCPA / CPRA · California
Compliant
Kuulo doesn't collect, sell, or share California residents' information. It never reaches our systems. We are not a data broker.
What we comply with
- CCPA / CPRA and CMIA
- No sale or sharing of personal information
- Not a data broker
- Health data stays on the device
Request compliance documentation
CCPA Vendor Questionnaire
Pre-filled California privacy questionnaire covering CCPA/CPRA, CMIA, and health data.
Frequently asked questions
Is my data private?
Completely. Your recordings, transcripts, and notes are created and kept on your own device. Nothing is ever sent to Kuulo or anyone else: there's no server involved at all.
Where are my recordings stored?
Only on your iPhone or Mac. They're encrypted at rest with AES-256, and you can lock the app with Face ID, Touch ID, or a PIN whenever you like.
Could anyone, including Kuulo, read my notes?
No. Your notes are encrypted on your device and are never uploaded. Not even we can see them.
Does Kuulo work without internet?
Yes, that's the point. Transcription, speaker labels, translation, and AI summaries all run on the device, so Kuulo works anywhere: on a ward, in a lecture theatre, or on a plane.
Can my organisation use Kuulo with confidence?
Yes. Because nothing leaves the device, there's no third-party data processing to assess. For procurement teams that want paperwork, we provide a Data Processing Agreement and, for US healthcare, a Business Associate Agreement on request.
Is Kuulo compliant with privacy and AI regulations?
Yes. Kuulo meets UK & EU GDPR, CCPA/CPRA, and the EU AI Act, and is HIPAA-ready. Each framework has its own tab above with a plain-English summary and the documents you can request.
Updates
What's new in Kuulo: features, improvements, and security.
App Lock
- Lock the app with Face ID, Touch ID, or a PIN, backed by the device keychain.
- Your recordings, transcripts, and notes stay encrypted on-device with AES-256.
Template catalog
- Browse and install note templates from the in-app catalog: SOAP, lectures, meetings, and more.
Module notebooks
- Organise notes into modules with custom colours and icons, plus a per-module coverage timeline.
Long-recording reliability
- Chunked on-device processing keeps multi-hour recordings fast and stable.
Live translation
- Two-way, real-time translation that works fully on-device, no internet required.
Ask your notes
- On-device AI chat to question and summarise your own recordings.
Native macOS app
- A native Mac app with system-audio capture for calls and videos.
Sharing
- Share a polished note or template as a link that opens straight in the app.
Kuulo 1.0
- On-device transcription, automatic speaker labels, and AI summaries, fully offline.