Our approach to data privacy
Our approach to data privacy and the privacy-by-design principle
Software design at Data4Life follows our approach to the privacy-by-design principle of the GDPR (General Data Protection Regulation). This means that for our digital solutions and services, we focus on protecting the user’s privacy throughout the whole engineering process. Alongside many other measures to protect user privacy, we use end-to-end encryption (E2EE) for all health data.
End-to-end encryption ensures that only users themselves can access the content of the encrypted data. Even Data4Life cannot read the encrypted data, since we do not have access to the cryptographic keys needed to decrypt it. This means that we never have access to the content, i.e. nobody else can read a user’s documents.
Personal data is encrypted on the user’s device and can only be decrypted by users themselves or, when users explicitly grant access (for example, to their doctor), by their trusted partners in a sharing session.