"Health. Powered by Ada."
Ada is an AI-powered symptom checker and digital health assistant for end users, as well as an enterprise platform for symptom intake, care navigation, clinical handovers, and insights. According to the terms, Ada uses a proprietary probabilistic reasoning technology built on a medically curated knowledge base; for partners, additional routing, integration, and handover functions are offered.
Ada Health
Health. Powered by Ada
Location: Germany ⓘ Ada Health GmbH, Neue Grünstraße 17, 10179 Berlin, Germany.
Partnerships / Demo / individual contracts According to the Help Center, Ada is financed through private investments, commercial relationships with healthcare systems, insurers, and life science companies, as well as grants and partnerships. Enterprise use apparently takes place individually via a demo/contact process; no public standard pricing was found.
Target audience
On the consumer side, Ada is aimed at private individuals who want to assess symptoms in a more structured way and better understand appropriate next steps. In the B2B segment, Ada primarily targets healthcare systems, insurers, life sciences companies, and partner platforms looking for a digital front door for symptom capture, triage, and care navigation. The product is not intended for traditional general office or creative use.
Outstanding features
Its strongest features include AI-powered symptom analysis, assessment of urgency and care pathways, Clinical Handover for medical teams, and aggregated insights for partners. Particularly noteworthy is the hybrid architecture currently emphasized by Ada, combining LLMs with a probabilistic clinical engine, which was communicated in 2026 via an EPO patent and, according to Ada, is designed for explainability and regulatory usability.
Main application areas
Typical use cases include digital initial assessment of symptoms, patient self-navigation to the appropriate level of care, structured preparation for consultations, transfer of clinical summaries, and population-level analysis of anonymized trends. In the enterprise context, Ada is therefore primarily a digital front door and care navigation tool for healthcare systems and insurers.
Use & notes
End users use Ada as a free app or web-based assessment tool. It is important to note the official disclaimer that Ada does not provide a medical diagnosis and does not replace medical advice. From a data protection perspective, it is positive that sensitive health data remains in the EU according to the Privacy Policy; at the same time, organizations should carefully review the documented third-country connections of individual processors, statistical/research processing, and the lack of end-to-end encryption for emails before a rollout.
| Target audience | Assessment |
|---|---|
| Private individuals / patients | Very suitable – free symptom checker, health information, and guidance on possible next steps; not a substitute for a doctor’s visit or diagnosis. |
| Parents / families | Suitable – Ada also allows use for other people, where legally permissible and with the necessary consent; use with particular care in the case of minors and sensitive health data. |
| Medical practices / telemedicine providers | Suitable – for structured pre-consultation symptom capture, digital patient journey, clinical handover reports, and better consultation preparation. |
| Hospitals / healthcare systems | Very suitable – Ada positions itself for care navigation, triage, patient routing, reduction of unnecessary emergency department/urgent care use, and appropriate care pathways. |
| Health insurers / health plans | Very suitable – Ada offers health plan solutions for symptom assessments, care navigation, Clinical Handover, and insights. |
| Pharma / life sciences | Suitable – especially for patient finding, earlier patient journey stages, awareness-to-action processes, and disease-specific navigation pathways; enterprise review required. |
| Startups / health tech providers | Conditionally suitable – useful for health platforms, digital care offerings, or patient journey products; not relevant for general startups without a healthcare focus. |
| Privacy-sensitive organizations | Conditionally suitable – positive EU hosting and German provider structure, but highly sensitive health data, various processors, and possible third-country processing of limited data make a detailed GDPR/medical device review necessary. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ⚠️ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-premises / local hosting: unclear
An on-premises/local self-hosting option is not listed on the website.
Private cloud / data center: partially
There are clear indications of EU-based cloud infrastructure and separate storage of sensitive data within the EU. However, the website does not specify a dedicated, customer-isolated private cloud or single-tenant option.
EU SaaS / Managed: Covered
The website documents a provider-operated cloud solution with storage in the EU; health data and other sensitive data are always supposed to remain in the EU. This essentially confirms an EU SaaS/Managed option.
Hybrid: Indirect / Not Available
Ada describes website, app, and partner integrations as well as data flows to partner platforms, but a clearly documented hybrid architecture with an internal/local customer component and an external Ada component is not specified on the website.
Service Agreement / DPA: Partially
The privacy policy states that technical service providers act as data processors based on Data Processing Agreements pursuant to Art. 28 of the GDPR. However, an explicit DPA accessible to customers with Ada as the provider is not specified on the website.
No Training: Partially
The website does not clearly and generally state that prompts, uploads, chat histories, or outputs are never used to train general models. Instead, there are references to research and improvement, invitations to participate in research, and the use of anonymized data in the Terms; at the same time, health data is not shared with advertisers, and the rights to object and to erasure are described. A clear contractual “no training” exclusion is not specified on the website.
Open Source / Transparency: Indirect / Not Available
The website describes a proprietary AI/reasoning system. Open-source models, openly documented core components, or self-hostable open-source building blocks are not mentioned on the website.
Data Processing
Ada describes processing via its own services as well as through technical service providers. AWS EMEA and Google Commerce Limited EU cloud servers are listed as storage locations; a help page specifies Google Cloud in Belgium and MongoDB in the same EU data center. The service provider page lists, among others, AWS, GCP, MongoDB Atlas, Cloudflare, Confluent Cloud, Adjust, Braze, Honeycomb, Sumo Logic, Sentry, Copper, and Intercom. According to the privacy policy, limited data may be processed by subprocessors outside the EEA; health data and other sensitive data are always to remain within the EU.
Conclusion
For an EU/EEA directory, Ada can generally be classified as conditionally GDPR-compliant: The website provides substantial evidence of EU storage, GDPR compliance, data processing on behalf of clients, and security certifications. At the same time, key points required for a particularly stringent European assessment remain unaddressed or only partially substantiated, particularly freely available customer data processing agreements (DPAs)/DPAs, fully documented EU-only data paths without third-country involvement, as well as on-premises/self-hosting or a transparent “no training” path. There is much to be said for normal EU SaaS usage, but the website documentation is not robust enough to warrant an unqualified “yes” rating.
Sources
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ⚠️ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-premises / local hosting: unclear
An on-premises/local self-hosting option is not listed on the website.
Private cloud / data center: partially
There are clear indications of EU-based cloud infrastructure and separate storage of sensitive data within the EU. However, the website does not specify a dedicated, customer-isolated private cloud or single-tenant option.
EU SaaS / Managed: Covered
The website documents a provider-operated cloud solution with storage in the EU; health data and other sensitive data are always supposed to remain in the EU. This essentially confirms an EU SaaS/Managed option.
Hybrid: Indirect / Not Available
Ada describes website, app, and partner integrations as well as data flows to partner platforms, but a clearly documented hybrid architecture with an internal/local customer component and an external Ada component is not specified on the website.
Service Agreement / DPA: Partially
The privacy policy states that technical service providers act as data processors based on Data Processing Agreements pursuant to Art. 28 of the GDPR. However, an explicit DPA accessible to customers with Ada as the provider is not specified on the website.
No Training: Partially
The website does not clearly and generally state that prompts, uploads, chat histories, or outputs are never used to train general models. Instead, there are references to research and improvement, invitations to participate in research, and the use of anonymized data in the Terms; at the same time, health data is not shared with advertisers, and the rights to object and to erasure are described. A clear contractual “no training” exclusion is not specified on the website.
Open Source / Transparency: Indirect / Not Available
The website describes a proprietary AI/reasoning system. Open-source models, openly documented core components, or self-hostable open-source building blocks are not mentioned on the website.
Data Processing
Ada describes processing via its own services as well as through technical service providers. AWS EMEA and Google Commerce Limited EU cloud servers are listed as storage locations; a help page specifies Google Cloud in Belgium and MongoDB in the same EU data center. The service provider page lists, among others, AWS, GCP, MongoDB Atlas, Cloudflare, Confluent Cloud, Adjust, Braze, Honeycomb, Sumo Logic, Sentry, Copper, and Intercom. According to the privacy policy, limited data may be processed by subprocessors outside the EEA; health data and other sensitive data are always to remain within the EU.
Conclusion
For an EU/EEA directory, Ada can generally be classified as conditionally GDPR-compliant: The website provides substantial evidence of EU storage, GDPR compliance, data processing on behalf of clients, and security certifications. At the same time, key points required for a particularly stringent European assessment remain unaddressed or only partially substantiated, particularly freely available customer data processing agreements (DPAs)/DPAs, fully documented EU-only data paths without third-country involvement, as well as on-premises/self-hosting or a transparent “no training” path. There is much to be said for normal EU SaaS usage, but the website documentation is not robust enough to warrant an unqualified “yes” rating.
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Strong medical specialization instead of a generic health chatbot. | • Not a substitute for medical diagnosis; Ada explicitly states this itself. |
| • Free consumer access. | • No public B2B pricing or self-serve enterprise plans. |
| • Enterprise features for care navigation, clinical handover, and insights. | • For generic SMEs outside healthcare, there is usually no suitable standard use case. |
| • Regulatory and quality signals: EU-MDR Class IIa, ISO 27001, ISO 13485. | • Parts of the infrastructure/processors are located outside the EEA; therefore, data protection review remains relevant despite a good foundation. |
| • Public privacy documentation with DPO, processor list, and EU storage of sensitive data. | • According to the privacy policy, unencrypted email communication is not end-to-end encrypted. |
| • Broad integration capability via web, app, portal, and FHIR/EHR/CRM. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
From the perspective of a user in the EU/EEA, there are several strong GDPR indicators on the website: Ada Health GmbH identifies itself as the controller pursuant to Art. 4(7) of the GDPR, describes the rights of data subjects, specifies processing based on Article 28 of the GDPR (data processing by a processor), stores personal data within the EU according to its privacy policy, and states that health data and other sensitive data always remain within the EU. At the same time, the website also lists subprocessors outside the EEA or U.S. providers and refers to third-country mechanisms. The website does not indicate a straightforward, fully documented EU-only operation without such restrictions, an explicitly published customer data processing agreement (DPA) available for download, or a clearly documented on-premises/self-hosting option. Therefore, GDPR-compliant use within the EU/EEA is plausible, but it is documented only under certain conditions and not comprehensively for all use cases.
Positive
The following are positively confirmed: a privacy policy with explicit reference to the GDPR; Ada Health GmbH in Berlin as the data controller; storage of personal data within the EU; a statement that health data and other sensitive data always remain within the EU; listing of data processors and Data Processing Agreements pursuant to Art. 28 GDPR; published list of service providers; ISO 27001 and ISO 13485 certifications on the website; security page with a statement regarding EU servers and “security by design.”
Negative
Negative or limiting aspects include: According to the privacy policy, limited processing by subprocessors outside the EEA may take place; the list of service providers includes several U.S. providers; an explicit customer DPA is not listed on the website as a freely accessible document; an explicit EU data residency commitment for all data flows across all product variants is not fully articulated; On-premises, self-hosting, and private cloud options are not listed on the website; a clear contractual “no training” path for all inputs and outputs is not specified on the website.
Server Location
The website lists the EU as the storage location. The privacy policy states that personal data is stored in the European Union on cloud servers operated by AWS EMEA in Luxembourg and Google Commerce Limited in Ireland. The “How is my data stored by Ada?” help page specifically mentions a Google Cloud location in the EU, “Europe-West1” in Belgium, as well as MongoDB Cloud Services in that data center. Additionally, the privacy policy states that health data and other sensitive data always remain within the EU. However, limited data may be processed by subprocessors outside the EEA.