Regulatory Status
Asclevor provides general health information infrastructure. We are not a medical device under EU MDR 2017/745.- We do not process patient data
- We do not provide clinical diagnoses
- We deliver structured reference data for developers to build upon
- All outputs carry explicit informational-use disclaimers
GDPR
| Question | Answer |
|---|---|
| Do you process patient data? | No. Never. |
| Where is data hosted? | Germany (EU) |
| What do you collect? | API keys, usage metrics (aggregated), billing data |
| Sub-processors? | Stripe (payments), Hetzner (hosting) — both EU/GDPR-compliant |
| DPA available? | Yes, for paid plans |
Security (Planned)
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- SOC 2 Type II certification (target: 2026)
- ISO 27001 certification (target: 2027)
- Annual penetration testing
For Enterprise Evaluation
We’ll provide:- Data Processing Agreement (DPA)
- Subprocessor list
- Security questionnaire responses
- Architecture documentation