We guarantee the highest standards of data privacy.
As part of our commitment to ensure the secure handling of sensitive data in accordance with the highest industry standards, all personal information is protected and managed securely in full compliance with the GDPR, Austrian Data Protection Act, and Austrian Telecommunications Act.
Our commitment to data security & privacy.
We use advanced encryption when transferring or storing any health information. We guarantee the security and privacy of sensitive user data by implementing strict company-wide policies and good industry practices.
European data centers
XUND hosts its services at a European cloud provider with data kept in Austrian data centers. Physical security includes redundant electricity, fire protection, and 24/7 onsite security officers.
XUND upholds a comprehensive strategy for ensuring business continuity. Data is securely backed up in remote geographical locations, with regular testing of restoration procedures.
Various vulnerability scans are incorporated into the development pipelines and product environments. Vulnerabilities that are found are reported to monitoring systems, and appropriate remediation actions are taken.
All staff are trained at onboarding and regularly thereafter on relevant security threats. Employee devices are centrally managed and have the latest security software running on them.
All sub-processors need to go through a defined vendor evaluation process. All sub-processors have a signed statement of work, confidentiality agreement, and data processing agreement.
We are certified
XUND’s ISO 27001-certified security systems undergo continuous improvement. The ISMS contains policies for incident management, application security, cryptography, segregation of networks, and many more.
Want to know more? We have collected some of the most frequently asked questions for you.
Do you have access to user data?
How do you protect sensitive health data?
Security and data protection are very important to us. First of all, all the data we are processing through the Medical API is anonymous by design. On top of that, we have also opted for local storage in Austria. This ensures that health data stored with us never leaves the European Union.
We are committed to achieving compliance with both GDPR and HIPAA regulations by controlling access to sensitive data and encrypting all personal information during storage and transmission. This way, we can guarantee the safe and secure usage of our technology.
Where are the data centers located?
The data centers of our cloud provider Exoscale are certified according to ISO 9001 and ISO 27001 and are located in a military building in Vienna.
Which cloud provider do you work with?
Where can I find more details about your privacy practices?