How we protect your data.
Data Protection
GDPR-compliant
Processing based on the legal basis of Art. 6 and Art. 9 GDPR. No processing of patient data without the hospital's legal basis.
Data stays in the EU
All patient data is processed and stored exclusively in data centers within the European Union.
C5-attested cloud infrastructure
Our infrastructure runs on servers attested according to the Cloud Computing Compliance Criteria Catalogue (C5) of the German Federal Office for Information Security (BSI) — one of the most rigorous cloud security standards in Europe.
No training on patient data
Patient data is not used for training AI models. Hospital data remains isolated within the respective tenant context.
For live certifications, sub-processors, and incident notices, see our Trust Center.
How we protect your data
Your data is separated before we work with it.
01
Extraction
Data from all sources is captured — referral letters, findings, lab results, handwritten notes.
02
Three separate stores
03
Only pseudonymised data
Processing exclusively with the pseudonymised health dataset — no names, no identity.
04
Traceable and auditable
Every insight remains linked to its source document. All changes are logged.
All data remains on GDPR-compliant servers within the EU — no transfer, no training.
Information Security
aiomics is certified to ISO/IEC 27001:2022. TÜV NORD CERT confirms in its certificate dated 18 May 2026 that aiomics operates a management system in accordance with the requirements of ISO/IEC 27001:2022 — covering the development, operation, and maintenance of the aiomics generative AI healthcare SaaS solution.
ISO/IEC 27001:2022 certified
TÜV NORD CERT GmbH
- Certificate registration no.
- 44 121 251903
- Validity
- 18 May 2026 – 17 May 2029
- Scope
- Development, operation, and maintenance of the aiomics generative AI healthcare SaaS solution.
EU AI Act
aiomics meets the requirements of the European AI Act. Transparency obligations, risk classification, and documentation requirements are integrated into the product architecture.
All AI outputs of the platform are labeled as suggestions and drafts. Physician review and approval is required at every step.
Works Council
We have spoken with a number of works councils by now. Every one of them has approved the introduction without objections — because aiomics does not enable performance or behavior monitoring and does not displace jobs. On the contrary: the platform reduces pressure on staff, gives employees the opportunity to focus on value-adding work, and improves working conditions. Additionally, employees with visual impairments or language barriers benefit from automated document processing.
Independent Evaluation
The effectiveness of aiomics is currently being evaluated in an independent scientific study at the Charité Institute for Medical Informatics. Results will be published upon completion.
Technical Standards and Coding Systems
HL7v2 · FHIR R4 · ISiK · IHE XDS.b
ICD-10 · LOINC · SNOMED CT (in preparation)
Questions about data protection, regulation, or integration?
Get in touchWe respond personally — no call center, no automated emails.