Helix Health
Healthcare · Stockholm
GDPR-compliant routing across 4 regions with zero data retention
How Helix kept PHI off vendor logs while still using best-of-breed LLMs.
“Zero-data-retention mode plus per-region routing was the only combination that passed our DPIA.”
Challenge
Helix Health processes clinical-note summarisation for hospital networks across the Nordics. Every LLM call brushes against patient health information, which means every call has to clear a strict data-protection impact assessment: no prompt body retention, no training on customer data, no out-of-region routing.
The team had already negotiated zero-retention agreements with two providers — but ad-hoc, on a per-contract basis, with no programmatic guard that a request couldn't accidentally hit a non-DPA'd model.
Solution
Helix moved their entire inference stack to AllRoutes and switched on:
- Zero-data-retention mode — flag
zdr: trueis enforced at the gateway layer. Any request to a model not covered by a ZDR agreement returns 451 Unavailable For Legal Reasons before the body ever leaves Helix's region. - Per-region routing —
region: "eu-north"keeps requests inside the Frankfurt + Stockholm provider regions, never failing over to US endpoints even during incidents. - Audit logs — every routing decision and the provider it landed on is stored in ClickHouse for the auditor's six-month window.
Result
- DPIA approved in a single review cycle — the auditor confirmed the gateway-level enforcement, no per-team training required.
- Zero in-region failovers blocked in production — the routing constraint is enforced at request time, not after the fact.
- One audit trail instead of four separate provider exports at quarter-end.
Ready to ship the same way?
Spin up an API key in under a minute. $5 in free credits gets you through the integration.