Security
We take patient data seriously.
Dermalia processes health data. This page explains the technical and organisational measures we take so you and your practice can sleep soundly.
Servers in Germany
Database and storage run in Frankfurt am Main (Neon, Vercel EU). Since 2024 the Isemeco backend cluster for raw data runs on Aliyun Frankfurt within the EU. No third-country transfer to the USA, no third-country transfer to China. We side-step the Schrems II (ECJ C-311/18) and EU-US Data Privacy Framework debate constructively by not depending on it.
End-to-end encryption
Transport encrypted with TLS 1.3. Data in the database is encrypted at rest. Backups are encrypted separately with rotating keys.
Minimal-data principle
We store first name, email and scan ID. Nothing more. No date of birth, no insurance number, no diagnosis history. What we don't have, can't be lost.
Clear retention periods
Reports are stored for 24 months, then automatically deleted. Immediate deletion on request at any time. Audit log for every deletion.
Multi-factor for admin access
Our staff access production data only via passkey/WebAuthn. No passwords, no mail-recovery backdoors. Every access is logged.
Clean data processing
We act as a data processor for your practice. Data processing agreement per Art. 28 GDPR is in place. You retain data sovereignty over your patients' reports.
Frequently asked questions
What happens to the 3D model from the scanner?
The Isemeco backend cluster runs on Aliyun Frankfurt within the EU since 2024. We additionally upload the 3D model and textures to our own Vercel-Blob storage in Frankfurt so patients can access the report independently of the manufacturer's storage. Neither patients nor third parties receive direct access to servers outside the EU.
Who can access my report link?
Anyone who has the link. The link contains an unguessable 25-character identifier, so it should be treated like a password. The report is automatically deleted after 24 months, or earlier on request.
What happens if Dermalia shuts down?
In the event of shutdown, we export all of your practice's data in an open format (JSON + PDF) and provide it to you. Afterwards we delete all data including backups. This commitment is in the data processing agreement.
Are you a medical device?
Dermalia delivers a visual report based on values measured by Isemeco. We don't create our own diagnoses, don't recommend treatments and don't replace medical assessment. We have completed an internal MDR self-assessment that classifies the software as a non-medical report-presentation tool. The final regulatory assessment in any concrete case rests with an MDR specialist lawyer of your choice, we provide the supporting documentation.
Can we use the reports for before/after advertising?
No, not publicly. The German Federal Court of Justice ruled on 31.07.2025 (case I ZR 170/24) that the HWG advertising prohibition for before/after images covers minimally invasive procedures like botox and hyaluronic acid as well. The reports themselves, the personal consultation and the patient record are unaffected. More in our knowledge article on before/after tracking.
Read more
How we deliver each compliance point concretely.
The most important privacy and methodology topics in depth, with concrete sources.
GDPR for 3D skin analysis, practice checklist
Which points belong in your processing record, what our data processing agreement looks like, what is critical about US and China sub-processors.
Open article →VISIA vs Isemeco in the GDPR context
Where the cloud-hosting differences sit, how Schrems II changed the EU-US picture, and what looks different in the processing record.
Open article →Before/after after the BGH ruling
What practices can no longer show in advertising since 31.07.2025, what stays permitted in the patient record, and what fines apply.
Open article →Legal documents
Contracts and measures to read up on.
The legal foundations of our collaboration, available at any time.
Data Processing Agreement (Art. 28 GDPR)
The contract practices conclude digitally during onboarding. Governs purpose, scope, sub-processors and erasure periods of the processing.
Open document →Technical and organisational measures (Art. 32 GDPR)
Annex 1 to the DPA. Describes confidentiality, integrity, availability and the platform's erasure concept in detail.
Open document →Security questions?
We explain every technical measure in detail.
Send us a message. We answer privacy questions without phrases and without marketing fluff.
Contact data protection officer