GDPR and your patient data

Patient records are health data — special-category under Article 9. Here is how we handle them and what you can ask of us.

Where data lives

Application data is stored exclusively in the European Union — Scaleway in Paris. We never transfer personal data outside the EU/EEA. Transactional email goes through Scaleway TEM, also EU-hosted.

The two roles

Your clinic is the controller for the patient records you enter. tuth.app is the processor under Article 28 GDPR. The Data Processing Agreement at /dpa formalises that relationship.

Data subject requests

If a patient asks for access, rectification, erasure, portability, or restriction of their data, contact your clinic — they are the controller. We will assist any clinic that asks us to facilitate a request.

Your rights as an account holder

Account holders may exercise the same rights for their own data (email, name, login activity). The fastest path is the form at /data-request, or write to tuth@yet.lu.

Always obtain a lawful basis before entering patient identifying data. Article 9(2)(h) covers processing necessary for the provision of dental care under your professional obligation of confidentiality.