Sybana

Data Protection & Security

At Sybana, we apply healthcare-grade technical and organizational measures to protect personal data. This document summarizes how we safeguard information and maintain confidentiality.

Protection principles

  • Data minimization: we only process data necessary to provide the service.
  • Purpose limitation: data is used to support the healthcare professional’s clinical and administrative workflow.
  • Confidentiality: we restrict access and apply security controls.
  • Privacy by design and by default: security is built in from the start.

AI usage & confidentiality

  • AI does not diagnose and does not replace professional clinical judgment.
  • AI does not need the patient’s identity to generate drafts (notes, reports, summaries).
  • Patient data is processed in isolation with access restricted to the professional’s account.
  • We do not use customers’ clinical data to train AI models.

Storage & security

  • Data in transit is protected using secure connections (TLS/HTTPS).
  • Account-level access controls to prevent cross-user data access.
  • Backups and resilience measures to support availability.
  • Hardening practices and dependency updates.

Access & control

  • Data access is limited to authenticated and authorized healthcare professionals.
  • Traceability of relevant actions (internal auditing where applicable).
  • Least privilege: only the permissions required.
  • Measures to prevent unauthorized access and abuse.

International transfers

When working with providers that may operate outside the EEA, we apply appropriate safeguards (e.g., Standard Contractual Clauses or other measures) in accordance with applicable law.

Compliance & best practices

  • GDPR compliance and applicable data protection regulations.
  • Security principles aligned with industry best practices.
  • Regular review of security measures and processes.

Rights & requests

You can exercise your rights (access, rectification, erasure, objection, restriction, portability) as described in the Privacy Policy.

Contact

For privacy and security questions, use the contact channels indicated in the Privacy Policy.

Sybana