Data Privacy

We guarantee the highest standards of data privacy.

As part of our commitment to ensure the secure handling of sensitive data in accordance with the highest industry standards, all personal information is protected and managed securely in full compliance with the GDPR, Austrian Data Protection Act, and Austrian Telecommunications Act.

Our commitment to data security & privacy.

We use state-of-the-art encryption when transferring or storing any health information. We guarantee the security and privacy of sensitive user data by implementing strict company-wide guidelines and best practices.

European data centers

XUND hosts its services at a European cloud provider with data kept in Austrian data centers. Physical security includes redundant electricity, fire protection, and 24*7 onsite security officers.

Business continuity

XUND upholds a comprehensive strategy for ensuring business continuity. Data is securely backed up in remote geographical locations, with regular testing of restoration procedures.


There are various vulnerability scans incorporated into the development pipelines and product environments. Found vulnerabilities are reported to monitoring systems, and appropriate remediation actions are taken.

Personnel security

All staff is trained at onboarding and regularly thereafter on relevant security threats. Employee devices are centrally managed and have the latest security software running on them.

Our suppliers

All sub-processors need to go through a defined vendor evaluation process. All sub-processors have a signed statement of work, confidentiality agreement, and data processing agreement.

We are certified

XUND’s ISO27001-certified security systems undergo continuous improvement. The ISMS contains policies for incident management, application security, cryptography, segregation of networks, and many more.

Want to know more? We have collected some of the most frequently asked questions for you.

Do you have access to user data?

Since we do not collect any personal data by design, and do not link the anonymous data in such a way that we could potentially re-identify you, the use of our technology is as secure and safe as it gets. 

How do you protect sensitive health data?

Security and data protection are very important to us. First of all, all the data we are processing through the Medical API is anonymous by design. On top of that, we have also opted for local storage in Austria. This ensures that health data stored with us never leaves the European Union.

Where are the data centers located?

The data centers of our cloud provider Exoscale are certified according to ISO 9001 and ISO 27001 and are located in a military building in Vienna.

Which cloud provider do you work with?

We have a partnership with the largest Austrian telecommunications company A1 Telekom and therefore also use the services of Exoscale, a 100% subsidiary based in Switzerland.

Where can I find more details about your privacy practices?

If you would like to exercise any of your GDPR data protection rights (see point 3 of our privacy policy), or simply have questions about what happens to your data, feel free to email us at Our data protection team will be happy to answer your questions.