Hi Human Trust Centre
One place for compliance officers, auditors, and procurement teams to find the evidence they need about how Hi Human Ltd protects health data.
Hi Human Ltd builds a clinical operating system for dental and medical practices in the United Kingdom. This trust centre exists so that you - as an auditor, DPO, insurer, or procurement lead - can evaluate our security posture without waiting on an email thread.
Start here
Data Processing Agreement
The DPA is the contract every clinic signs before we touch patient data. See GDPR & DPA for the full breakdown of controller/processor responsibilities and lawful bases.
Sub-processor register
Every third party that processes customer data on our behalf, including region, data types, and DPA status. See Sub-processors. Notice period for changes: 30 days.
NHS certifications
DSPT, DCB0129 clinical safety, Cyber Essentials Plus, ISO 27001 - status, evidence, and roadmap. See Certifications.
Security controls
The technical and organisational measures we use to satisfy GDPR Art. 32. See Security controls.
Key facts at a glance
| Topic | Answer |
|---|---|
| Hosting region | Microsoft Azure UK South (London) |
| Data residency | UK only, no cross-region replication of patient data |
| Encryption at rest | AES-256-GCM for PII columns + Azure-managed disk encryption |
| Encryption in transit | TLS 1.2+ on every endpoint |
| Breach notification SLA | 24 hours to the controller (enables their 72h ICO obligation) |
| Hosting sub-processor | Microsoft Azure — signed DPA |
| DPO | dpo@hihumanai.com |
How to request evidence
Email dpo@hihumanai.com with your specific ask. We respond within 2 working days with the current pack. Typical requests:
- Data Processing Impact Assessment (DPIA)
- Record of Processing Activities (ROPA)
- Penetration test summary
- Software Bill of Materials (SBOM)
- Sub-processor register with DPA dates
- Incident response runbook
Reporting a security issue
If you are a security researcher and you believe you have found a vulnerability, please email security@hihumanai.com. We aim to acknowledge within 24 hours and will never pursue legal action against good-faith researchers who comply with our disclosure policy.