Clinicians use AI every day. So does your patient data.
Your teams already lean on AI to draft discharge letters, summarise notes, code referrals and clean up research data. The risk isn't the tool — it's what gets pasted into it: patient records, diagnoses, test results, genetic and mental-health data. That's special-category data under GDPR. Tracehold catches it on the device, in the browser, so PHI never leaves the machine, and maps your AI exposure to GDPR (Art. 9), NIS2, ISO 27001 and SOC 2, with audit-ready reports.
We see what's about to go to AI right where the clinician works — before it leaves the machine.
By default the prompt never leaves the browser. We only learn the type of finding, how severe it was, and when.
Across any AI tool or site your teams use — known and unapproved alike — including the free-form patient data that has no fixed shape.
Built and hosted in the EU (France), with EU data residency for everything that reaches our infrastructure.
The fastest way for patient data to leave is a prompt box
Generative AI didn't wait for a clinical safety review to arrive on the ward and in the lab — it came through the browser. Helpful, fast, and one paste away from sending special-category health data to a third party you never had a lawful basis to share it with. The intent is almost always to save time. The exposure isn't worth it.
Patient records & clinical notes
A clinician pastes a full case note — name, history, diagnosis, medication — into an AI tool to draft a referral or discharge letter. Each one is special-category health data under GDPR leaving your control.
Test results & research data
Researchers and analysts paste lab results, imaging reports or rows from a study dataset to "explain this finding" or "tidy up this table" — identifiers and outcomes going straight into a public model's prompt.
Code, integrations & documents
Developers paste integration code with embedded credentials into AI assistants to debug an HL7 or FHIR feed. Teams drop confidential protocols, ethics submissions and incident reports in to summarise them.
Built to recognise the data a health organisation can't afford to lose
With 1,600+ detection patterns running across any AI tool or site your teams use, Tracehold recognises both structured identifiers with a fixed shape and the free-form clinical detail that has none — and reads the text inside screenshots and scanned reports, on the device, by default.
Special-category health data
Diagnoses, conditions, medications, mental-health and genetic detail, and clinical narrative — recognised as the special-category data GDPR singles out for the strongest protection, even when it's written in free-form prose.
Patient identifiers
Names, dates of birth, addresses, national and patient record numbers, and contact details — including names and addresses that follow no fixed format and slip past pattern-only tools.
Credentials & confidential docs
API keys and tokens hidden in pasted integration code, plus internal protocols, ethics submissions and incident reports — caught so a quick "summarise this" doesn't quietly export them.
PHI never has to leave the browser to be protected
In healthcare the usual DLP bargain — "send your data to our cloud so we can inspect it" — is exactly the thing you're trying to avoid. Tracehold flips it: the check happens on the device, in the browser, so the patient data being protected never leaves the clinician's machine to get checked in the first place.
Detection runs locally
The prompt your team types is inspected right in the browser. By default it never leaves the tab — not to an AI tool, and not to us.
Only metadata in managed deployments
When Tracehold is centrally managed, only metadata — the type of finding, its severity and a timestamp — reaches the backend. The prompt content itself does not leave the browser by default.
Free plan stays entirely on-device
The free browser extension runs with no account and no backend — everything happens on the device. Nothing about what your staff type is sent anywhere.
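As an added illustration, not Tracehold's code, here is the shape of the design described above: inspection runs in the page, each finding carries only a type, a severity and a timestamp, and an observe-only mode reports without blocking. The patterns, severities and sample note are constructed for the example; a keyword cue like this one does not cover the free-form names and addresses the page says need more than pattern matching.

```javascript
// Added example, not Tracehold's code: a page-side prompt check that reports
// metadata only. The patterns, severities and sample text are constructed.
const PATTERNS = [
  // Structured identifiers with a fixed shape (constructed patterns).
  { type: "date_of_birth", severity: "medium", re: /\b\d{2}\/\d{2}\/\d{4}\b/ },
  { type: "api_key", severity: "high", re: /\b(?:sk|key|token)[-_][A-Za-z0-9]{20,}\b/i },
  // Free-form clinical detail has no fixed shape, so this uses a keyword cue.
  { type: "health_data", severity: "high", re: /\b(?:diagnos(?:is|ed)|medication|prescribed|psychiatric)\b/i },
];

// Inspect a prompt locally. The result carries only the finding type, its
// severity and a timestamp, plus the decision; the prompt text is never copied.
function inspectPrompt(text, { mode = "observe", now = () => new Date().toISOString() } = {}) {
  const findings = [];
  for (const p of PATTERNS) {
    if (p.re.test(text)) findings.push({ type: p.type, severity: p.severity, timestamp: now() });
  }
  const hasHigh = findings.some((f) => f.severity === "high");
  // Observe-only pilots report but never block; enforcement blocks on high severity.
  const allow = mode === "observe" ? true : !hasHigh;
  return { allow, findings };
}

// The only thing that may leave the browser in a managed deployment. Any field
// beyond the three metadata fields is refused before serialisation.
const ALLOWED_FIELDS = ["type", "severity", "timestamp"];
function telemetryPayload(result) {
  for (const f of result.findings) {
    for (const k of Object.keys(f)) {
      if (!ALLOWED_FIELDS.includes(k)) throw new Error(`field "${k}" must not leave the browser`);
    }
  }
  return JSON.stringify(result.findings);
}

// Constructed sample: a pasted case note of the kind the page describes.
const SAMPLE_NOTE = "Draft a discharge letter. Jane Doe, DOB 03/11/1961, diagnosed with type 2 diabetes, prescribed metformin.";
```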
Files already on the device, not just what's typed
The desktop agent can also scan PDFs, Word documents and spreadsheets already saved on a device — a discharge letter or a research export — for the same sensitive detail, before any of it is dragged into a prompt box.
The honest version
On the desktop, an organisation may choose to keep the exact text behind an alert so an admin can tell a real leak from a false alarm. Where that option is enabled, the text is encrypted and can only be revealed through an audited, permission-controlled action — and that's configured by you, not by us.
No silent copies, no master back door. We'll always tell you exactly where a sensitive item can exist and how it's protected. See how we protect your data →
Uncontrolled AI use touches the rulebooks that matter most in health
Health data sits at the strictest end of data protection. A single paste can trip more than one obligation at once.
GDPR — Art. 9 special category
Health data is special-category data under Article 9, with a higher bar for processing and sharing. Pasting it into a public AI tool can be an unlawful transfer to a third party. Catching it on the device keeps it from ever leaving your control.
NIS2
Healthcare is named among the essential and important sectors under NIS2, with stronger cyber-risk management and accountability. Demonstrable control over how data leaves to AI tools — with an audit trail — is part of showing you manage the risk.
EU AI Act
As clinical and research teams adopt AI, you need to know where and how it's used, and govern it. Tracehold maps your actual AI use so you can govern it rather than guess at it.
Compliance mapping you can put in front of the board
Tracehold maps your real AI exposure to GDPR, NIS2, ISO 27001 and SOC 2 — with GDPR Article 9 special-category data front and centre for health, and the EU AI Act's governance expectations built in. Instead of an annual questionnaire, you get a clear, always-current view that updates as your risk does — and the evidence behind it when an auditor or regulator asks.
Risk, not theatre
The mapping reflects what your people are actually doing with AI today — what's being caught, how often, how severe — not a point-in-time checklist that's stale by lunchtime.
Evidence on demand
Every finding leaves an audit trail with just the essentials — type, severity, timestamp — so you can show diligence to a regulator or DPA without exposing the underlying patient data.
Aligned, and honest about it
Tracehold is aligned with and mapped to ENS, PCI-DSS and SOC 2, with ISO 27001 certification in progress. We tell you exactly what is certified and what is mapped — never more.
From "we think we're fine" to "here's the picture"
Most health organisations can't answer a simple board question: how much patient data is going to AI right now? Compliance mapping answers it — and shows the trend as your controls take effect.
The mapping covers GDPR, NIS2, ISO 27001 and SOC 2 in one view, with EU AI Act governance built in. See compliance in depth →
Weeks, not months — no proxy, no network surgery
A hospital or trust can't bolt a new inline proxy into a clinical network on a whim. Tracehold rolls out as a browser extension you push with the device management you already run — so the security team stays in control and the network stays untouched.
Pushed via your MDM
Deploy the extension centrally through Microsoft Intune or any standard MDM, tied to your identity provider — Microsoft Entra ID or Okta. No agent your endpoint team has to babysit, no inline gateway.
Start observe-only
Begin in a pilot that watches and reports without blocking anyone. You see exactly what would be caught — and where your real exposure is — with zero disruption to clinical work before you turn on enforcement.
Plugs into your stack
Findings and alerts export to your SIEM, with real-time alerts to Slack or by email. Hosted in the EU (France), with EU data residency for everything that reaches our infrastructure.
Start free, scale to governed
Honest, published pricing. Begin on the device for free, add managed visibility and compliance reporting when you're ready.
Free
Runs entirely on the device. No account, no backend — nothing your staff type is sent anywhere.
Insight — €40/user·mo
Managed visibility into AI exposure across your teams, with metadata-only reporting and live compliance mapping.
Governance — €60/user·mo
Full enforcement, audit trail and integrations for security and compliance teams that need to prove control.
What healthcare buyers ask first
Does patient data ever reach Tracehold?
How does this fit GDPR Article 9 for health data?
Will it slow clinicians down or break their tools?
Are you certified — ISO 27001, SOC 2?
Where is patient data actually hosted?
How fast can we be protected?
See what your organisation is already sending to AI
Start an observe-only pilot and get a clear, honest picture of where patient and research data is leaking to AI tools — with zero disruption to clinical work, and PHI that never leaves the browser. References available under NDA.