Data & Security

Your data belongs to you. Full stop.

We do not train AI models with patient data. Only you and your practice team see your content. Hosted exclusively in Germany — GDPR-compliant.

  • No training data — ever

    Your patient data is never used to train AI models at any point. Contractually guaranteed in the DPA — no exceptions, no small print.

  • Only you have access

    Only authorised staff at your practice can see your data. Sanadoc employees have no access to content — technically and organisationally excluded.

  • Your data belongs to you

    You can export or have your data completely deleted at any time. Upon contract termination, all data is verifiably destroyed.

Germany location

From Germany — not from abroad.

We are a German company based in Berlin. Our servers are in Germany, our contracts are subject to German law. Unlike many AI solutions from the US, UK or other third countries, your data does not fall under foreign access laws.

Sanadoc

🇩🇪 Made in Germany

  • Based in Berlin, German law
  • Servers exclusively in Germany
  • No access by foreign authorities
  • No training data, contractually guaranteed
  • GDPR-compliant — from the start

AI solutions from abroad

🌍 Data in third countries

  • Based in USA, UK or other third countries
  • Servers outside Germany or distributed worldwide
  • Access by foreign authorities possible
  • Data often used for model training
  • GDPR only via Standard Contractual Clauses

Technically and legally secured

  • Hosted in Germany

    All data is processed exclusively in German data centres. No transfer to the USA or other third countries.

  • End-to-end encrypted

    AES-256 for stored data, TLS 1.3 for every transmission. Even we cannot read your content.

  • GDPR & BDSG

    Fully compliant with the European General Data Protection Regulation and § 22 BDSG for health data.

  • DPA included

    Data Processing Agreement per Art. 28 GDPR — verified and ready to use immediately.

  • Full transparency

    Audit logs for every action. You can always see who accessed which data and when.

  • KIM-enabled

    Secure sending via the telematics infrastructure — directly from Sanadoc.

Contractually established in the DPA

All commitments — no training data, no Sanadoc access, hosting in Germany — are part of the Data Processing Agreement per Art. 28 GDPR.

View DPAPrivacy Policy

Still have questions?

We are transparent — whatever the topic. Write to us or call us. We answer honestly, including on complex questions around data protection, infrastructure or contracts.

Get in touch