Security
- Home
- / Security
Security and data protection
How Movalytics handles data: where it lives, who can access it, and what happens when something goes wrong. This page answers the questions healthcare organisations and research partners ask us most often.
Data stays in the EU
All processing and storage runs in a data centre in Paris (Scaleway). Data does not leave the European Union: no processing, no backup and no copy outside the EU.
Encrypted, in transit and at rest
All traffic to and from the platform travels over an encrypted connection (HTTPS). Stored data, passwords and backups are encrypted at rest. Keys and other secrets are never kept in source code.
No names in the system
Subjects and patients are registered under a pseudonym (for example P001). The system does not accept names; the key list linking pseudonyms to people stays with the healthcare or research organisation and is never stored at Babon.
Access is limited and logged
Logging in always requires a second step beyond a password (two-factor authentication). Recordings belong to the user who uploads them; sharing requires an explicit action. Access to clinical data is logged.
Every analysis runs isolated
Each video analysis runs in its own sealed environment with no access to data from other recordings. That environment is cleaned up automatically afterwards.
Retention and deletion
Video recordings are deleted after 30 days, or earlier by agreement; derived results (angles, parameters, reports) remain available per the project agreement. Users can delete their own recordings. At project end we delete all project data on request.
Backups and recovery
Databases have continuous, encrypted backups within the same EU region, with restore to any point in the past seven days. Stored files are versioned: accidentally deleted files can be recovered.
When something goes wrong
In case of a data breach we inform the data controller within 24 hours and, where required, the Dutch Data Protection Authority within 72 hours. Every incident is documented and evaluated.
Found a vulnerability?
Tell us right away and we will fix it. Our reporting point is listed in security.txt, or email us directly at joey.kardolus@babon.eu.
Documentation for procurement
For procurement and privacy reviews we provide on request: our data-processing and security description, a data processing agreement, and the security certificates of our infrastructure provider.