Security

Trust

Security and data protection

How Movalytics handles data: where it lives, who can access it, and what happens when something goes wrong. This page answers the questions healthcare organisations and research partners ask us most often.

Data stays in the EU

All processing and storage runs in a data centre in Paris (Scaleway). Data does not leave the European Union: no processing, no backup and no copy outside the EU.

Encrypted, in transit and at rest

All traffic to and from the platform travels over an encrypted connection (HTTPS). Stored data, passwords and backups are encrypted at rest. Keys and other secrets are never kept in source code.

No names in the system

Subjects and patients are registered under a pseudonym (for example P001). The system does not accept names; the key list linking pseudonyms to people stays with the healthcare or research organisation and is never stored at Babon.

Access is limited and logged

Logging in always requires a second step beyond a password (two-factor authentication). Recordings belong to the user who uploads them; sharing requires an explicit action. Access to clinical data is logged.

Every analysis runs isolated

Each video analysis runs in its own sealed environment with no access to data from other recordings. That environment is cleaned up automatically afterwards.

Retention and deletion

Video recordings are deleted after 30 days, or earlier by agreement; derived results (angles, parameters, reports) remain available per the project agreement. Users can delete their own recordings. At project end we delete all project data on request.

Backups and recovery

Databases have continuous, encrypted backups within the same EU region, with restore to any point in the past seven days. Stored files are versioned: accidentally deleted files can be recovered.

When something goes wrong

In case of a data breach we inform the data controller within 24 hours and, where required, the Dutch Data Protection Authority within 72 hours. Every incident is documented and evaluated.

Found a vulnerability?

Tell us right away and we will fix it. Our reporting point is listed in security.txt, or email us directly at joey.kardolus@babon.eu.

Documentation for procurement

For procurement and privacy reviews we provide on request: our data-processing and security description, a data processing agreement, and the security certificates of our infrastructure provider.

Questions about security or procurement?

Request documentation