Tucuvi

Autonomous clinical voice AI agents that call patients and run care workflows

Suki AI

US AI clinical documentation assistant for physicians using voice and ambient AI

Tucuvi

Excellent

23/25

Suki AI

Caution

9/25

Score Breakdown

DimensionTucuviSuki AI

Data Residency

Where is your data stored and processed?

Tucuvi: EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

Suki AI: US-only infrastructure; no EU data residency option; patient voice data processed in the US

4/5

EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

1/5

US-only infrastructure; no EU data residency option; patient voice data processed in the US

Legal Jurisdiction

Which laws govern the company and your data?

Tucuvi: Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

Suki AI: US Delaware corporation; CLOUD Act applies to sensitive patient data; HIPAA-focused, not GDPR-optimised

5/5

Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

1/5

US Delaware corporation; CLOUD Act applies to sensitive patient data; HIPAA-focused, not GDPR-optimised

Data Retention & Training

Is your data used for model training?

Tucuvi: AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

Suki AI: Opt-out from model training available; patient data retention governed by HIPAA; GDPR controls unclear

4/5

AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

3/5

Opt-out from model training available; patient data retention governed by HIPAA; GDPR controls unclear

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Tucuvi: Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

Suki AI: SOC 2 Type II and HIPAA compliant; ISO 27001 not confirmed; no EU-specific certifications

5/5

Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

3/5

SOC 2 Type II and HIPAA compliant; ISO 27001 not confirmed; no EU-specific certifications

Regulatory Fit

Suitability for regulated industries and professional services

Tucuvi: Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Suki AI: Not suitable for EU patient data processing without major bespoke contractual and infrastructure changes

5/5

Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

1/5

Not suitable for EU patient data processing without major bespoke contractual and infrastructure changes

Total Score

23/25

9/25

Best For

Tucuvi

Best for teams that prioritise data retention & training (scores 3/5) and need a review required-tier tool.

Suki AI

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (CE-marked SaMD (Class IIb), ISO 13485, ISO/IEC 27001); regulated industries (AEMPS, EMA); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Suki AI vs Tucuvi: Trust & Compliance Comparison

Suki AI (Suki AI, US) scores 9/25 overall with a Review Required (Caution) trust badge. US AI clinical documentation assistant for physicians using voice and ambient AI. Tucuvi (Tucuvi, ES) scores 23/25 with a Gold (Excellent) trust badge. Autonomous clinical voice AI agents that call patients and run care workflows.

Dimension-by-Dimension Breakdown

#### Data Residency

Tucuvi leads with 4/5 vs 1/5.

●Suki AI (1/5): US-only infrastructure; no EU data residency option; patient voice data processed in the US

●Tucuvi (4/5): EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

#### Legal Jurisdiction

Tucuvi leads with 5/5 vs 1/5.

●Suki AI (1/5): US Delaware corporation; CLOUD Act applies to sensitive patient data; HIPAA-focused, not GDPR-optimised

●Tucuvi (5/5): Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

#### Data Retention & Training

Tucuvi leads with 4/5 vs 3/5.

●Suki AI (3/5): Opt-out from model training available; patient data retention governed by HIPAA; GDPR controls unclear

●Tucuvi (4/5): AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

#### Certifications

Tucuvi leads with 5/5 vs 3/5.

●Suki AI (3/5): SOC 2 Type II and HIPAA compliant; ISO 27001 not confirmed; no EU-specific certifications

●Tucuvi (5/5): Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

#### Regulatory Fit

Tucuvi leads with 5/5 vs 1/5.

●Suki AI (1/5): Not suitable for EU patient data processing without major bespoke contractual and infrastructure changes

●Tucuvi (5/5): Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Certifications at a Glance

Certification	Suki AI	Tucuvi
CE-marked SaMD (Class IIb)	No	Yes
GDPR	No	Yes
HIPAA	Yes	Yes
ISO 13485	No	Yes
ISO/IEC 27001	No	Yes
SOC 2	No	Yes
SOC 2 Type II	Yes	No

Overall Verdict

Tucuvi has a clear trust advantage, scoring 23/25 compared to Suki AI's 9/25. Tucuvi particularly excels in data residency, legal jurisdiction, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Tucuvi or Suki AI?

Tucuvi has a TrustKit score of 23/25 while Suki AI scores 9/25. Tucuvi currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Tucuvi and Suki AI compare on data residency?

Tucuvi scores 4/5 for data residency (EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.), while Suki AI scores 1/5 (US-only infrastructure; no EU data residency option; patient voice data processed in the US).

Are Tucuvi and Suki AI GDPR compliant?

Both tools are assessed across five compliance dimensions. Tucuvi has a regulatory fit score of 5/5 and Suki AI scores 1/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool