Data Privacy

We guarantee the highest standards of data privacy.

As part of our commitment to ensure the secure handling of sensitive data in accordance with the highest industry standards, all personal information is protected and managed securely in full compliance with the GDPR, Austrian Data Protection Act, and Austrian Telecommunications Act. For more details on our privacy by design architecture and patient data security measures, please refer to our Medical API White Paper.

Our commitment to data security & privacy.

We use advanced encryption when transferring or storing any health information. We guarantee the security and privacy of sensitive user data by implementing strict company-wide policies and good industry practices.

European data centers

XUND hosts its services at a European cloud provider with data kept in Austrian data centers. Physical security includes redundant electricity, fire protection, and 24/7 onsite security officers.

Business continuity

XUND upholds a comprehensive strategy for ensuring business continuity. Data is securely backed up in remote geographical locations, with regular testing of restoration procedures.


Various vulnerability scans are incorporated into the development pipelines and product environments. Any vulnerabilities found are reported to monitoring systems, and appropriate remediation actions are taken.

Personnel security

All staff are trained at onboarding and regularly thereafter on relevant security threats. Employee devices are centrally managed and have the latest security software running on them.

Our suppliers

All sub-processors need to go through a defined vendor evaluation process. All sub-processors have a signed statement of work, confidentiality agreement, and data processing agreement.

We are certified

XUND’s ISO 27001-certified security systems undergo continuous improvement. The ISMS contains policies for incident management, application security, cryptography, segregation of networks, and many more.

Want to know more? We have collected some of the most frequently asked questions for you.

Do you have access to user data?

We only collect general data such as age group, gender, symptoms, and risk factors entered by the user for the duration of the check. This enables us to gain insights into the age and gender demographics of users and the most frequently reported symptoms and concerns. All data is anonymized, and we take measures to ensure that the anonymous data cannot be linked in a way that could potentially identify you. To find out more about data privacy and data security at XUND, you can read our privacy policy, or reach out to us at

How do you protect sensitive health data?

Security and data protection are very important to us. First of all, all the data we are processing through the Medical API is anonymous by design. On top of that, we have also opted for local storage in Austria. This ensures that health data stored with us never leaves the European Union.

We are committed to achieving compliance with both GDPR and HIPAA regulations by controlling access to sensitive data and encrypting all personal information during storage and transmission. This way, we can guarantee the safe and secure usage of our technology.

Where are the data centers located?

The data centers of our cloud provider Exoscale are certified according to ISO 9001 and ISO 27001 and are located in a military building in Vienna.

Which cloud provider do you work with?

We have a partnership with the largest Austrian telecommunications company, A1 Telekom, and therefore also use the services of Exoscale, a wholly owned subsidiary based in Switzerland.

Where can I find more details about your privacy practices?

We employ state-of-the-art encryption protocols for the secure transmission and storage of data. Our commitment to ensuring the security and privacy of sensitive user data is further reinforced by the implementation of rigorous company-wide guidelines and best practices. If you are interested in learning more about our data security practices, please visit our data privacy page and read the Medical API privacy white paper. If you still have questions or wish to exercise your GDPR data protection rights (as outlined in point 3 of our privacy policy), please reach out to us at Our data protection team will be happy to answer your questions.