Ethics & Compliance
Opinion AI does not collect, process or store any healthcare data. All patient and clinical data remains in the institution's own infrastructure, under the institution's own control. Our models come to the data; the data does not go to the model. This architectural principle is our foundational commitment — preceding every ethical and legal framework.
Zero data collection by design.
Opinion AI does not collect any patient data, clinical records, identifiers or files; we do not process, store or repurpose them on our infrastructure. Our system works on the principle that "the data does not go to the model; the model goes to the institution", offering a commitment beyond what KVKK and GDPR require.
Data stays in the institution
All patient, clinical, lab and operational data remains on the institution's own servers, under its own control. No data flow is established to the Opinion AI environment.
Institution is the data controller
Under KVKK, the role of "data controller" remains with the institution. We do not position ourselves as a data processor or controller; we are a technology provider.
No secondary use
Institutional data cannot be used to train our models, served to other customers, or used for any secondary purpose. This is also contractually guaranteed.
Local inference
MINA clinical decision support computations run on the institution's infrastructure — on-premise or in an isolated cloud assigned to the institution. The output also stays within the institution.
Türkiye / EU boundary
If a cloud deployment is preferred, institutional data is processed only in Türkiye or the EU region; no cross-border transfer takes place.
Transparent architecture document
Data flow, access points and isolation boundaries are documented. Full documentation is provided for independent audit and the institution's own IT team.
Security architecture.
Data that stays in the institution is protected by multiple layers at the platform level, on top of the institution's own security standards.
AES-256 Encryption
Data travels in transit over HTTPS and is stored at rest on AES-256-encrypted disks. Keys are open to oversight through the institution's KMS.
Local Network Isolation
The database is reachable only from the institution's local network. There is no externally exposed network endpoint; remote access is provided to administrators via an SSH tunnel.
Role-Based Access
Least-privilege principle, multi-factor authentication, auditable logs for all actions.
Our responsible AI commitment.
Opinion AI is bound not only by laws but by international AI ethics frameworks. Transparency, fairness, accountability and human oversight are our core principles.
Explainability
Every MINA output is presented with a source reference, confidence score and rationale. The question "How was this answer produced?" is always answered transparently.
Human Oversight
All critical decisions (approve, missing document, reject, prescribe) are made by humans. MINA is a decision supporter, not a decision maker.
Bias Awareness
Model outputs go through periodic independent evaluation; fairness and consistency tests are applied in clinical domains.
Hallucination Control
Thanks to the GraphRAG architecture, responses are always grounded in reference sources; unverifiable claims are not produced.
International Ethical Frameworks
We operate in alignment with the WHO Ethics & Governance of AI for Health, the EU AI Act, the OECD AI Principles and the IEEE Ethically Aligned Design framework.
Enterprise Certifications
ISO/IEC 27001 (Information Security), ISO/IEC 27701 (Privacy), ISO 9001 (Quality), ISO 14001 (Environment), ISO 45001 (Occupational Health & Safety).
Questions about ethics and compliance?
For detailed information on data protection, KVKK and ethics policies, our team is ready to help.