Yes, Chino.io ensures compliance with EU privacy & security directives, regulations and guidelines, which include:
EU Privacy Directives and General Data Protection Regulation;
EU Cybersecurity Directive affecting health and sensitive data;
Guidelines and opinions of the Article 29 Working Party for health and sensitive data management, and apps development;
ENISA - European Network and Information Security Agency state of the art security recommendations;
OWASP state of the art security recommendations and security tests;
Any other relevant EU legislations in the areas of security, privacy, and health.
In addition, since the healthcare regulatory framework is evolving fast, Chino.io constantly monitors changes at EU and Member State levels.
Chino.io clearly defines its Terms and Conditions according to the EU laws, stating explicitly what are its liabilities regarding health and sensitive data management.
Each Member State must comply with the EU Data Protection Directives and Regulations, therefore there are no differences in terms of level of privacy policies among EU Member States. For example, requirements on data location and general rules on accessing private and sensitive data are equal across EU.
However, there could exist specific certifications at national level or specific requirements that single hospitals could impose on service providers (e.g. using VPNs).
With the help of international legal experts and lawyers, Chino.io team has analyzed these requirements in the majority of EU Member States, ensuring Chino.io compliance with them. The objective of Chino.io is to implement state of the art security safeguards, that satisfy requirements of every Member State.
If you have encountered a specific obstacle do not hesitate to contact us.
There are no certifications that relates specifically to the compliance with EU privacy regulations. There are certifications regarding adherence to security and privacy standards in general like ISO 27001, 2018 etc. However none of these certifications are mandatory for bodies managing health data in EU (neither for you nor for us).
Although these certifications are not obligatory, Chino.io is always working on adhering its internal procedures to well-established standards, and aiming at obtaining certifications in the nearest future.
According to the new EU General Data Protection Regulation, every business delivering services to EU citizens and collecting their data, must comply with the EU Data Protection laws.
Yes, Chino.io implements state-of-the-art security standards and it can be used for storing any kind of sensitive, confidential, private or public data. Our REST API is currently used for storing medical records, data from devices like holters or sensors, chats with doctors, images, 3d models, and many more.
Yes, Chino.io REST API can be used to store any kind of structured data (JSON) or large binary attachments (BLOBs).
To simplify your work and increase overall security we choose the approach in which we take care of encryption of your data. This necessarily implies that Chino.io system has access to your data for a fraction of time when it receives data and before encrypting and storing them safely. Unencrypted data are kept for a very short interval of time only in memory, and they are never saved or transferred unencrypted.
Our employees cannot access the data in any way. The encryption keys are managed by the server and we do not have access or know the keys used for encrypting your data.
This approach increases overall security, because client-side encryption is very challenging and risky. For example, encrypting data locally limits its usage (e.g. search operations) on server side and poses risks when you implement key and data sharing. In addition you need to implement proper key storage and sharing, avoid key losses and implement data recovery functions. This is just one part of the list of guarantees that you would need to consider if you want to implement encryption on your device or server.
Instead, with our API you can transfer data securely to our system and we take the liability to encrypt and protect them properly according to the current EU laws and best standards. We are always up to date.
The Chino.io team can provide you with guidelines and advice on what you have to/must do (e.g. where to start with privacy requirements, privacy policies, terms & conditions, consents and so on).
However, we always suggest to our customers to ask also lawyers for advice also when dealing with sensitive data. Each project has its own privacy and data processing peculiarities, that are not necessarily related to the technology (e.g. identifying roles and liabilities among people accessing health data).
If needed, we can also introduce you to lawyers and experts in each Member State who are working with health and sensitive data management.
Every time your app stores or retrieves some data, or a user logs in or out, your app performs one or many API calls.
We count only authenticated calls. Unauthorized calls are not counted, while wrong calls (i.e., incorrect formats) are counted.
The number of calls that you need highly depends on your implementation. Check out "Tutorials” to find out how you can use our service.
We count 1 byte for every char in the document body (we do not count document metadata, only the content).
This means that the Divina Commedia (which has 408.476 chars, space excluded) can be stored in ~500 KB. You can store it up to 2000 times.
If you store BLOB, then keep reading.
We count the byte size of the attachment you send.
The Divina Commedia has ~700 pages. If we assume that a scanned page is ~500KB, the whole book is 350MB. In 10GB you can store 35 scanned copies (the biggest problem is how to scan 700 pages) .
You can do it by counting how many operations over data you need to perform per each user session. Then you add a couple of calls for logging and logouts operations.
You can always monitor API usage on Chino.io Console.
Each BLOB can be up to 1 GigaBytes. You can upload BLOB documents by using our chunked upload function. You can decide the chunk size based on your device capabilities and network reliability (each chunk must be transferred within an https call).
For security reasons we limit the number of users to 100.000. If you need more, just contact us.
For security reasons we limit the number of repositories to 1.000. If you need more, just contact us.
For security reasons we limit the number of schemas to 1.000. If you need more, just contact us.
Yes. You just need to update your personal and billing data in Chino.io Console.
You can grant access to the API to other people in 2 ways:
If you want to give admin access to someone you just need to generate another Customer Key and share it with whom you wish. Once you are done, you can delete/invalidate that Key.
If you want to give access to someone only for specific repositories/schemas/documents through API, then you can create a User and setup Access Control policies for him.
Yes, this is one of our custom deployment options. Since it requires a dedicated instance and dedicated management of the installation and monitoring, the pricing is provided ad-hoc based on your needs. Just contact us for more details!
Yes, this is one of our custom deployment options. Since it requires a dedicated instance and dedicated management of the installation and monitoring, the pricing is provided ad-hoc based on your needs. Just contact us for more details!
We apply many security measures, and some of them are not even publicly disclosed.
There are just some of our security measures:
To data transfers we always apply HTTPS;
We encrypt all stored documents and Blobs (AES 256);
Each user has his/her own encryption keys, which are stored separately;
Firewalls and other techniques block unauthorized calls and brute force attacks;
Monitoring systems detect unusual behaviour;
But most importantly, we are working hard everyday to improve our system, increase security, update libraries and protect your data.
Yes. We do daily backups of all data.
Yes, Chino.io does its best to guarantee the highest level of service uptime of at least 99.9%. In case of incidents Chino.io clearly states ranges for reimbursements:
API service availability |
Refund percentage |
|---|---|
From 98.0 to 99.9 |
10% |
From 95.0 to 98.0 |
30% |
Less than 95.0 |
50% |
For more details check our Terms & Conditions.
Just contact us, we will help you in downloading your data in bulk. You can always download your data by using our API.
For billing and account termination details please check our Terms & Conditions.
You can test Chino.io Sandbox for unlimited time, uploading and downloading maximum 10.000 documents without exceeding 1GB of space.
The Chino.io Sandbox is a testing and development platform, where we do also some tests. Therefore, although it is very similar to the production environment in terms of security, we don't provide guarantees about uptime and liabilities. Please read our Terms and Conditions for more details.
Yes, definitely. We can make a custom plan based on your API calls and storage needs. Just contact us at sales@chino.io for further discussion.
If you need a special service configuration, do not hesitate to contact us at sales@chino.io.
If you are a B2B and you have, for example, a platform that wants to integrate Chino.io and wants to re-sell it as part of your solution, then you can. You just need a special "Ad-hoc" account that allows you to programmatically create accounts and manage them. Contact us for more info at sales@chino.io.
The billing period can be monthly or yearly. Each billing period starts on the 1st day of the month. If you start in the middle of a month, that month you will be charged only for the days you will use the service.
Just contact us, we will help you in downloading your data in bulk at info@chino.io. You can always download them also by using our API.
For billing details please check our Terms and Conditions.
You will be notified and you will need to provide an alternative method of payment as soon as possible.
We support credit cards, PayPal or bank transfers.
VAT is calculated according to the EU standard rules.
You can always contact us at info@chino.io.
You can always contact us at info@chino.io.
If you find a security issue or a system bug, please contact us immediately at security@chino.io. Do not share it on forums, social networks or in any other communication method.
Yes, you can always contact us at our phone number +39 0282950319. However, extensive support via phone or in-house at your working place can be arranged by modifying your subscription plan. Currently Chino.io offers assistance by email according to our Terms & Conditions.
Chino.io was born as an acronym within a research project standing for “Cloud Health INtOperability”. Although the project was a different one, we kept the same acronym mainly because our mission and vision didn’t change. Although the methods did.
The “.io” is currently used by technology startups to indicate services related to API, interactions, exchanges and in general with “input-output” where IO is the abbreviation.