Tandem Health

AI medical scribe and coding assistant built to EU medical-device standards

Lighthouse

AI revenue management and business intelligence for hospitality and travel

Tandem Health

Excellent

25/25

Lighthouse

Strong

20/25

Score Breakdown

DimensionTandem HealthLighthouse

Data Residency

Where is your data stored and processed?

Tandem Health: Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

Lighthouse: Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

5/5

Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

4/5

Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

Legal Jurisdiction

Which laws govern the company and your data?

Tandem Health: Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

Lighthouse: Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

5/5

Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

5/5

Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

Data Retention & Training

Is your data used for model training?

Tandem Health: States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

Lighthouse: Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

5/5

States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

4/5

Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Tandem Health: Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

Lighthouse: Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

5/5

Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

3/5

Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

Regulatory Fit

Suitability for regulated industries and professional services

Tandem Health: Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

Lighthouse: Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

5/5

Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

4/5

Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

Total Score

25/25

20/25

Best For

Tandem Health

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (ICO, APD (Belgium)); privacy-conscious teams who need strong data retention controls.

Lighthouse

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (CE mark (EU MDR), MDR Class IIa, UKCA); regulated industries (EMA, MHRA); privacy-conscious teams who need strong data retention controls; teams on a tight budget.

Detailed Comparison

Lighthouse vs Tandem Health: Trust & Compliance Comparison

Lighthouse (Lighthouse, BE) scores 20/25 overall with a Silver (Strong) trust badge. AI revenue management and business intelligence for hospitality and travel. Tandem Health (Tandem Health, SE) scores 25/25 with a Gold (Excellent) trust badge. AI medical scribe and coding assistant built to EU medical-device standards.

Dimension-by-Dimension Breakdown

#### Data Residency

Tandem Health leads with 5/5 vs 4/5.

●Lighthouse (4/5): Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

●Tandem Health (5/5): Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.

#### Legal Jurisdiction

Both score equally at 5/5.

●Lighthouse (5/5): Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

●Tandem Health (5/5): Incorporated as Tandem Health AB in Sweden with no US parent, placing it fully within EU/EEA jurisdiction.

#### Data Retention & Training

Tandem Health leads with 5/5 vs 4/5.

●Lighthouse (4/5): Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

●Tandem Health (5/5): States it does not train AI models on patient or personal data, deletes audio immediately after transcription, offers enterprise data agreements, and operates under an ISO 13485 medical-device QMS.

#### Certifications

Tandem Health leads with 5/5 vs 3/5.

●Lighthouse (3/5): Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

●Tandem Health (5/5): Exceptional stack: ISO 27001:2022, ISO 13485:2016, ISO 42001:2023, ISO 14001, NEN 7510, plus CE/MDR Class IIa and UKCA medical-device marks, NHS DSPT and Cyber Essentials Plus. No SOC 2 published, but sector-specific medical-device certification more than compensates.

#### Regulatory Fit

Tandem Health leads with 5/5 vs 4/5.

●Lighthouse (4/5): Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

●Tandem Health (5/5): Purpose-built and CE/MDR-certified as a medical device for EU and UK clinical use, with named applicability to healthcare regulators (EMA, MHRA) and NHS frameworks.

Certifications at a Glance

Certification	Lighthouse	Tandem Health
CE mark (EU MDR)	No	Yes
Cyber Essentials Plus	No	Yes
GDPR	No	Yes
ISO 13485:2016	No	Yes
ISO 14001:2015	No	Yes
ISO 27001	Yes	No
ISO 42001:2023	No	Yes
ISO/IEC 27001:2022	No	Yes
MDR Class IIa	No	Yes
NEN 7510	No	Yes
NHS DSPT	No	Yes
UKCA	No	Yes

Overall Verdict

Tandem Health has a clear trust advantage, scoring 25/25 compared to Lighthouse's 20/25. Tandem Health particularly excels in data residency, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Tandem Health or Lighthouse?

Tandem Health has a TrustKit score of 25/25 while Lighthouse scores 20/25. Tandem Health currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Tandem Health and Lighthouse compare on data residency?

Tandem Health scores 5/5 for data residency (Patient data is processed and stored exclusively in European data centres, and audio is deleted immediately after transcription with no storage — an explicit EU-only posture.), while Lighthouse scores 4/5 (Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.).

Are Tandem Health and Lighthouse GDPR compliant?

Both tools are assessed across five compliance dimensions. Tandem Health has a regulatory fit score of 5/5 and Lighthouse scores 4/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool