Security & Privacy

Your data deserves
the highest protection

As a therapist, you bear a special responsibility for sensitive patient data. Psynex was built from the ground up for maximum security and full GDPR compliance.

GDPR

EU General Data Protection Regulation

BDSG

German Federal Data Protection Act

BSI C5 Infrastructure

Certified Server Infrastructure

ISO 27001 Infrastructure

Certified Data Center

Security at every level

Our multi-layered security architecture protects your data from input to storage.

End-to-End Encryption

All patient data is stored encrypted with AES-256 – both during transmission and on our servers.

European Servers

Our entire infrastructure runs on BSI C5 Type 2 and ISO 27001:2022 certified servers at Hetzner in Germany.

Complete Audit Logs

Every data access is logged. You have full transparency at all times about who accessed what data and when.

No AI Training

Your data is never used to train AI models. Your patient data remains your patient data.

Access Control

Role-based access rights and two-factor authentication protect your account from unauthorized access.

EU Data Processing

All data is processed and stored exclusively within the EU. No data transfer to third countries.

Automatic Key Rotation

Encryption keys (DEK) are automatically rotated every 90 days. Even in case of a theoretical key loss, older data remains protected.

Automatic Data Deletion

Audio files are deleted immediately after transcription. No unnecessary data storage – only what you need.

Daily Backups

Automatic encrypted backups secure your data daily. In an emergency, we can restore everything.

Continuous Security Monitoring

Automated daily vulnerability analysis of our systems and dependencies. Security updates are applied promptly.

Certified Infrastructure

Our servers run at Hetzner in Germany – one of Europe's leading data center operators with the highest security standards.

BSI C5 Type 2

The Cloud Computing Compliance Criteria Catalogue (C5) from the German Federal Office for Information Security (BSI) defines minimum requirements for secure cloud computing. Type 2 confirms effective application over a defined period.

ISO 27001:2022

The international standard for information security management systems. Confirms systematic processes for protecting information and data.

Hetzner Online GmbH Hetzner Online GmbH is classified as an operator of critical infrastructure under BSI KRITIS regulations and is certified according to §8a BSIG.

Sub-processors

Transparency is important to us. Here you'll find all service providers who may have access to data as part of our service delivery.

Hetzner Online GmbH
Germany
Cloud Infrastructure & Hosting
BSI C5 Type 2, ISO 27001:2022
OpenAI / Microsoft Azure
EU (Sweden)
AI Processing (Transcription & Documentation)
SOC 2, ISO 27001
Stripe
EU (Ireland)
Payment Processing
PCI DSS Level 1
Resend
EU
Email Delivery (Transactional Emails)
SOC 2

Documents & Downloads

All important documents for your records and collaboration with us.

Data Processing Agreement (DPA)

Agreement for data processing according to Art. 28 GDPR

Terms of Service

For using the Psynex therapy documentation platform

Privacy Policy

Complete privacy notice

Template: Patient Information

Template for informing your patients

Frequently Asked Questions

Answers to the most important questions about security and privacy at Psynex.

Still have questions?

Our team is available for all questions about privacy and security. We're happy to help.

Contact PsynexGeneral Support
Security & Privacy | Psynex Trust Center | Psynex