Our GDPR Principles
Data Sovereignty
Your data stays in the EU. We use infrastructure located in Germany to ensure maximum protection and regulatory alignment.
Purpose Limitation
We only process data that is absolutely necessary for providing our compliance intelligence services.
Security Transparency
We use state-of-the-art encryption (AES-256 for data at rest, TLS 1.3 for data in transit) to protect your sensitive device documentation.
Your Rights
The right to access, the right to be forgotten, and the right to data portability are fully supported through our platform tools.
Data Sub-processors
To provide our AI services, we work with a limited number of trusted sub-processors. We maintain Data Processing Agreements (DPAs) with all entities to ensure they meet our high standards:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database & Auth | EU (Germany) |
| Amazon Web Services | Hosting & Storage | EU (Frankfurt) |
| Google Cloud | AI Logic (Gemini) | EU (Belgium) |
Contact our DPO
If you have any questions regarding data protection at Medbash, please contact our Data Protection Officer directly:
dpo@medbash.ai