Privacy & Security
All our solutions are designed to meet global requirements for data privacy and security.
We protect patients and their privacy
Focused on patient safety and driven by excellence, we are committed to complying with all legislation related to data protection and security. Our team of experts is at your side to raise awareness and guide decisions, right from the design phase, to ensure optimal user data protection and foolproof security.
Our in-house Data Protection Officer ensures that all our digital therapeutics comply with HIPAA and GDPR to guarantee the security of our patients’ data. The security of our platform and data relies on a dedicated team led by our Chief Information Security Officer, and on a process integrated into our Quality Management System.
We systematically assess information security risks by studying the potential impact that the exploitation of vulnerabilities would have on the integrity and confidentiality of data. This process covers the product development phase and continues into the post-market phase. For this purpose, we leverage the FDA guidance documents (Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, Postmarket Management of Cybersecurity in Medical Devices), AAMI TIR57, OWASP cheat sheets and NIST publications (CSF and SP 800-57), which include regular verification that cybersecurity controls are effective, in particular through vulnerability scans and pentests.
We apply security in everything we do
The applications are built on our platform, whose architecture is designed from the outset on the principles of defense in depth and segregation of data according to their level of confidentiality and access rights.
These applications are hosted on a Microsoft Azure infrastructure that has certifications such as ISO 27001, SOC 2 or HITRUST CSF to ensure data security.
We are proud of our privacy-by-design approach
Our privacy-by-design approach means that our users’ data is protected from the very beginning of project development.
By doing so, we significantly reduce the risk of non-compliance with the requirements, implementing preventive measures that anticipate the risk of data violations and faults. We forecast and actively address privacy and security requirements, so you do not have to.