# Buoy Health

## Kurzbeschreibung
**“When something feels off, Buoy it”**


**Buoy Health **is a U.S. digital health/AI tool for symptom checking, initial clinical assessment, triage, and care navigation. 


End users can enter symptoms via chat/quiz and receive possible causes, guidance on urgency, and recommendations for next steps in care. In addition, Buoy offers clinically editorially supervised health content, disease-specific AI quizzes, as well as an API for integration into apps, websites, and patient portals.

## Claim
When something feels off, Buoy it

## Geeignet für
- API Integration
- Medicine & Healthcare
- Research

## Kernfunktionen
- Chatbot
- Symptom Check

## Preismodell
- **free:** Free to use; account creation is free according to the Help Center. Includes AI-powered symptom checking, clinical guidance, and indications of possible next steps.
- **other:** **Buoy API / Enterprise Programs **Symptom-checking and triage engine for integration into websites, apps, or organizational programs; demo/contract model for organizations.


**Third-Party Services / Care Navigation **Buoy can direct users to third-party providers, health services, or care pathways; availability and terms depend on the respective partner.

## DSGVO und Datenschutz
**Gesamteinschätzung:** No

**On-prem / local hosting: indirect / not available**

No on-prem, local, or self-hosting option was found on the website. The website describes web services and APIs, but does not mention operation on customer infrastructure.

**Private Cloud / Data Center: Unclear**

There is no specific information regarding dedicated customer environments, private cloud models, or dedicated EU/EEA data centers.

**EU SaaS / Managed: Indirect / Not Available**

The website does not specify EU/EEA data residency or EU-operated SaaS. Instead, the privacy policy refers to U.S. control and U.S. law.

**Hybrid: unclear**

The website does not provide a reliable description of a hybrid model involving a combination of internal/local and external processing.

**DPA: Indirect / Not Available**

No DPA was found on the website. The only mention is of a HIPAA “Business Associate Agreement” for certain U.S. enterprise programs, which does not constitute evidence of a GDPR DPA for EU/EEA customers.

**No Training: Indirect / Not Available**

No robust opt-out or contractual exclusion regarding the use of user inputs or history for general AI training was found on the website. On the contrary, the website states that Buoy’s medical models are regularly updated using “Buoy user data and feedback”; furthermore, the Terms of Service grant Buoy extensive rights to use “Your Information,” except where HIPAA/PII exceptions apply.

**Open Source / Transparency Path: Indirect / Not Available**

No open-source components, open models, self-hostable parts, or a documented transparency/sovereignty path were found on the website.

**Data Processing**

The website describes Buoy as a web-based solution featuring a symptom checker, chat interaction, and API integration. It processes health information, location information via IP address, and other personal data. There is general security information and a HITRUST statement, but no specific details regarding EU/EEA data residency, data center locations, subprocessors, or GDPR data transfer mechanisms.

**Conclusion**

For a German-language tool directory with ratings covering the entire EU/EEA region, the documentation provided on the provider’s website is insufficient for a GDPR-compliant classification. The provider documents its U.S. affiliation and the U.S. legal framework, but does not provide information on EU data residency, a Data Processing Agreement (DPA), or a transparent hosting or subprocessor structure. Consequently, based on the website, there is no evidence of reliable, GDPR-compliant use for EU/EEA users.

**Sources**

- [https://www.buoyhealth.com/privacy](https://www.buoyhealth.com/privacy)
- [https://www.buoyhealth.com/terms](https://www.buoyhealth.com/terms)
- [https://www.buoyhealth.com/security-and-privacy](https://www.buoyhealth.com/security-and-privacy)
- [https://www.buoyhealth.com/help](https://www.buoyhealth.com/help)
- [https://www.buoyhealth.com/healthsystems](https://www.buoyhealth.com/healthsystems)
- [https://www.buoyhealth.com/multi-symptom-checker/](https://www.buoyhealth.com/multi-symptom-checker/)
- [https://www.buoyhealth.com/](https://www.buoyhealth.com/)

Although the website includes a privacy policy and general security information, it does not provide any reliable details regarding EU/EEA data residency, EU data centers, data processing agreements (DPAs), subprocessors, or a GDPR-specific processing framework. On the contrary, the privacy policy explicitly states that Buoy is operated from the United States and that data processing is subject to U.S. law. For users throughout the EU/EEA, the website therefore does not demonstrate fully GDPR-compliant use.

**Positive**

Positive aspects include a publicly accessible privacy policy, references to technical and organizational security measures such as encryption, firewalls, identity management, and intrusion prevention/detection, as well as a mentioned HITRUST certification. In addition, Buoy describes options for filing complaints and contacting the company via email.

**Negative**

A particular negative factor for an EU/EEA GDPR assessment is that the website describes Buoy as being controlled and offered in the U.S., and the privacy policy explicitly states that U.S. law—and not the law of other jurisdictions—applies. Furthermore, the Terms of Service state that users must be located in the U.S. to use the services. The website does not specify EU server locations, EU data residency, SCCs/transfer mechanisms, AVV/DPA, a list of subprocessors, the option to opt out of AI training for general models, or on-premises/self-hosting options.

**Server Location**

Not specified on the website. The Privacy Policy merely states that Buoy is controlled and offered from the United States; specific server or data center locations in the EU/EEA are not mentioned.

## Hosting und Daten
- **On-Prem / lokales Hosting:** unknown
- **Private Cloud / Rechenzentrum:** unknown
- **EU SaaS / Managed:** unknown
- **Hybrid:** unknown
- **AVV / DPA:** unknown
- **Kein Training auf Kundendaten:** unknown
- **Open-Source / Transparenz-Pfad:** unknown

## Standort
**Land:** USA

**Taxonomie:** USA

Buoy Health, Inc., 580 Harrison Ave., Suite 1W, Boston, MA 02118, USA

## Vorteile
- Low barrier to entry: free symptom checker and free account.
- Clinical integration: according to Buoy, content is reviewed and/or guided by doctors/clinicians.
- Broad mix of features including AI triage, health content, quizzes, and care navigation.
- API/enterprise suitability for healthcare organizations and patient portals.
- Reference to a peer-reviewed JAMA paper on the product page.

## Nachteile
- No medical diagnosis or treatment service; explicitly no doctor-patient relationship.
- Terms require US residency; this limits international/EU use.
- Sensitive from a data protection perspective: health data + US legal nexus + analytics/advertising + ML use of de-identified data.
- No publicly available EU compliance documentation such as SCC notices, EU representative, EU hosting, or public AVV/DPA.
- Not for children under 13 and, according to the Terms, not intended for infants under 2 years old.

## Quellen
- Offizielle Website: https://www.buoyhealth.com/

## Letzter Datenstand
2026-05-01

## Originalseite
https://kifox.ai/en/ki-tools/buoy-health-en/