The Technology Toolkit that makes projects compliant instantly

The platform provides a set of modules to make your digital health project GDPR or HIPAA compliant.
It allows you to solve the most complex and risky compliance tasks, enabling you to deliver your project globally.


The only ISO 13485, 27001, and 9001 certified cloud solution
to build certified software

Health data security lets you safely store and encrypt all your health data, such as structured medical records, scans or patient-doctor chats.
It works like a standard storage service, while ensuring the highest compliance standards, eliminating risks, and letting you focus on your application.

Data encryption: ensure compliance with EU and US regulations and medical standards (e.g. GDPR, HIPAA, DVG, NHS Security Toolkit, HDS, etc). It takes one API call to store your data with secure record level encryption.

Pseudonymisation and de-identification: encrypt parts of your health records or personal identifiers.
De-identification relieves you from privacy implications. Our data architect can give you an assessment and help design your setup.

Secure user management and data sharing

Plug-and-play sign-up, authentication and session management with our OAuth 2.0 as a Service.
The service also implements flexible record-level access control for compliant data sharing among users and applications.
This gives you all the granularity you need to implement compliant data storage.

Identity Management: implement user signup, session management, audit logs, monitoring and data access authorisation.

Granular access control: define flexible access control policies for users or groups on single documents or collections. No programming is needed.

Secure and compliant data sharing: securely share data among applications and users, while ensuring compliance with EU and US laws.

Verifiable Audit Logs and monitoring

Implement immutable, verifiable and legally-valid logging for your project.

The audit log service is designed to meet all compliance and medical standards.
You can create custom events, in addition to the Platform modules which automatically create compliant logs.

Logs can be queried via API to define alerts.

Ensure accountability: the Audit Log module meets all the requirements of GDPR and HIPAA. Logs are also sanitised to ensure they don't leak sensitive data.

Query, monitor or export logs: You can search for specific logs, trace back events by type, create alerts, view all events over a time window or generate an audit-ready export.

Comply with medical standards: audit logs meet the requirements of GDPR Art. 25 & 32, HIPAA 164.312(b) and FDA 21 CFR ch.11, DICOM, etc.

User Consent management

The consent management module allows you to collect, store, query and update consents of your users.
Consent is often the legal basis for storing personal data and is a key part of GDPR.

Our system makes it easy for your users to view the consents they gave, and modify or withdraw them at any time.

Data encryption: ensure legal validity of consents. Keep details of every user consent you collect in your product to know exactly what each user accepted at any moment.

Keep consents synchronised: query or update user preferences instantly. Updates keep legally valid history for auditing purposes and demonstrate data subject right implementation (e.g. Right to be Forgotten).

You choose the setup

We offer cloud or custom installations.
You always retain full control over your data as with any other managed DB.

GDPR compliance instantly

With the multi-tenant cloud instance you don't need to set up or configure anything. is a scalable, reliable, and secure platform that offers compliance with all data protection laws.

Key Features

✅   No setup, compliant from day 0
✅   Scalable volume-based pricing
✅   GDPR compliance guaranteed


Custom install to suit your needs

If you have specific technical, regulatory or business requirements, we can provide a custom installation of on your own server or cloud instance. Deployment takes just a few hours via our automated Docker-based installations.

Key Features

✅   Dedicated deployment on any cloud or hosting provider
✅   HIPAA compliance to unlock the US market
✅   Personalized technical and compliance support


Companies who trusted

Serious games

Using we've solved GDPR and HIPAA like a breeze.

Nicola Filippi

CEO of Needius


Chatbots for eHealth solves all the compliance problems with creating health chatbots. Our product protects the user data and makes your chatbot GDPR and HIPAA compliant, by design.

Health eCommerce

eCommerce should be simple, but GDPR and HIPAA mean that selling healthcare products online is hard. Use the platform to build GDPR and HIPAA compliant eCommerce sites quickly and simply.
