Trust, by design — at every layer.
The Doctena Trust Center is the single reference for how we secure patient and practitioner data, the contracts we sign, the certifications we hold, and the suppliers we use.
-
Certified
ISO 27001:2022
Current certificate covering software factory and corporate scope.
Learn more -
Hosted in
EU only
AWS Frankfurt (eu-central-1). Patient data does not leave the EU.
Learn more -
Sub-processors
28 disclosed
Patient-facing and customer-facing suppliers, refreshed monthly.
Learn more -
Encryption
AES-256 / TLS 1.3
At rest, in transit, and in backups, across all production environments.
Learn more
Explore
Find what you need in one click.
The six entry points covering the questions we hear most often from patients, practitioners, and our customers' procurement teams.
-
Privacy policy
How we collect, process and protect personal data.
Open -
Data protection (GDPR)
Our role model under the GDPR and your rights.
Open -
Sub-processors
Every supplier that touches patient or customer data.
Open -
ISO 27001:2022
Scope, Statement of Applicability, certificate.
Open -
Data Processing Agreement
The contract we sign with every healthcare professional.
Open -
Responsible disclosure
Report a vulnerability through our coordinated channel.
Open
By audience
Built for every reader.
Whether you are a patient checking how your health data is handled, a practitioner contracting with Doctena, or a security officer auditing a vendor — the answer is here.
- For patients
How we handle your health data
What we collect, what we never share, and how to exercise your data subject rights — in plain English.
Open - For practitioners
Your obligations under the GDPR
The role model when you book patients through Doctena, the Data Processing Agreement, and the sub-processors that act on your behalf.
Open - For procurement
Vendor risk in one click
ISO 27001 certificate, sub-processor list, encryption posture, security controls and incident commitments.
Open
Talk to us
Something not covered here?
For specific contractual questions, vendor risk assessments, custom DPAs, or audit reports, reach out directly. We respond to most enterprise procurement queries within two business days.