Enterprise-Grade Security. German Engineering.
Built with privacy-by-design principles. GDPR-compliant workflows. Transparent data processing.
GDPR Role Clarity
Clear responsibilities under GDPR Article 28 for transparent data processing.
Your Organization
Data Controller
You decide what data to process, how long to retain it, and for what purposes. You maintain full control over your customer data.
LSM Agents
Data Processor
We process data exclusively on your instructions. We implement technical measures and support your compliance obligations.
Clear role separation under GDPR Article 28
DPA/AVV (Auftragsverarbeitungsvertrag) available for download.
Documented processing activities and technical measures
Data Minimization by Design
We collect only what is necessary and give you full control over retention.
Structured Data Only
We capture structured data, not raw recordings. Only the information you need is stored.
No Call Recording Option
For compliance-sensitive industries, we can operate without any audio recording.
Configurable Retention
Set data retention policies that match your compliance requirements.
Clear Deletion Procedures
Request data deletion at any time with documented confirmation.
Full Transparency
We are transparent about what data is stored, where, and for how long.
Infrastructure Security
Enterprise-grade security measures to protect your data.
Encryption in Transit
TLS 1.3 encryption for all data in transit
Encryption at Rest
All stored data is encrypted using AES-256
EU Hosting Available
Data centers in Frankfurt, Germany
Access Controls
Role-based access and comprehensive audit logs
Security Reviews
Regular security assessments and updates
Incident Response
Documented procedures for security incidents
Healthcare-Ready Workflows
Designed specifically for medical practice requirements and patient data protection.
No Audio Recording
Patient calls are not recorded. Audio is processed in real-time only.
Structured Intake Data
Only essential intake information is captured and stored.
DPA/AVV Coverage
Our DPA/AVV explicitly covers health data processing.
Staff Escalation
Sensitive cases are immediately escalated to your staff.
Built for German medical practices with GDPR and professional confidentiality requirements in mind.
Data Processing Agreement (DPA/AVV)
Our Auftragsverarbeitungsvertrag defines how we process data on your behalf under GDPR Article 28. It covers processing scope, security measures, sub-processors, and your rights.
Security Questions
Where is data hosted?
We offer EU hosting options with data centers in Frankfurt, Germany. Data is processed in full compliance with GDPR requirements.
Do you record calls?
We can operate without call recording. For many workflows, we only store structured outcomes like appointment details and caller information.
What is a DPA/AVV?
A Data Processing Agreement (Auftragsverarbeitungsvertrag) defines how we process data on your behalf under GDPR Article 28. It establishes the legal framework for data processing.
How do we delete data?
Configurable retention policies and deletion procedures are built into the platform. You can request data deletion at any time with written confirmation.
Is this compliant for healthcare?
Yes. We support GDPR-compliant healthcare workflows with no-recording options, structured data only, and proper controller/processor role separation.
Security Questions?
Our team is here to answer your security and compliance questions.
security@lsm-agents.de