Our aspiration

Security & Trust

As a manufacturer of medical devices in the psychotherapeutic environment, we bear a special responsibility when it comes to data protection and information security.

Man with a shield

Certified medical devices

elona therapy is a CE-marked medical device (Class I, MDD).

Icon CE

Information security

Elona Health is certified as a manufacturer of medical devices and digital solutions according to ISO 27001 by TÜV Süd.

Icon

Data protection compliance

Elona Health complies with the highest European data protection standards for health data in accordance with the GDPR.

Icon Shield

Certified medical devices

elona therapy is a CE-marked class I medical device according to the MDD.

Icon CE

Information security

Elona Health is certified according to ISO EN 27001 by TÜV Süd. Our solutions meet the highest standards of the GDPR.

Icon

Data protection compliance

Elona Health meets the highest European data protection standards for health data.

Icon Shield

Certified medical devices

Regulatory framework for quality and safety

The trustworthiness and reliability of our products is our highest priority. We therefore adhere to EU-wide standards and regulations such as the Medical Device Regulation (MDR). elona therapy is labeled as a class 1 medical device (MDD) and the safety and performance of the product were tested as part of the conformity assessment.

In addition, we regularly conduct post-market surveillance testing and evaluation of our products, incorporating the latest information from literature, safety data, our own clinical studies, or user feedback into development and compliance testing.

Further information

You can find out more about our medical quality assurance and our clinical studies here.

Our commitment

Highest standards for data security and data protection

Health data are a valuable asset - especially when it comes to our mental health. We are committed to your personal data and believe that the sovereignty over your data should always be with you. Your personal data is immediately pseudonymized and encrypted on all products to ensure the highest possible data security. You always remain in full control.

Elona Health does not share your data with third parties at any time. If you choose to share your data, only your therapist can access certain information that is relevant to your treatment. The data is stored on servers in Germany that are specially secured for health data. No data is left unencrypted on your individual terminal device.

Privacy by design

Our products are developed according to the principle of "privacy by design/default". This means that we always implement privacy-friendly technology design, data minimisation and organisational protection measures.

Encryption

We only use proven methods (TLS, AES 128-bit encryption) for data transmission. The data is stored in ISO 27001, ISO 27701, BSI C5 and HIPPA certified data centres.

Data storage

We separate user data from health information. Each type of data is stored separately on servers within the EU.

Audit trails

The audit trail ensures that every action on your data is thoroughly tracked and time-stamped to provide solid evidence of access, verification and signature.

Read more

Our handling of data

Our privacy policy describes in detail how we handle and protect your data. Our external data protection officer regularly reviews our data protection-related control measures and ensures that our processes and products always meet the highest requirements of the GDPR.

You can find out more about our privacy policy for the elona therapy mobile application (patients) and elona therapy web application (practitioners) in our resource centre.

Delete data

Upon request, we can delete all personal data from our systems. However, data that is subject to a legal hold can only be deleted once the legal hold process has been completed.

To request data deletion, please contact our supportteam.

Our certifications

Audited and certified information security

Security is not only an integral part of our products, but also integrated into our infrastructure and corporate processes. With our Information Security Management System (ISMS), we ensure a holistic security programme that encompasses both IT and information security.

We are proud that this self-commitment to the highest possible security has been audited and certified by TÜV Süd in accordance with the internationally recognised ISO 27001 standard.

An excerpt from our safety programme

Audits

External experts and internal experts regularly check our processes and safety measures. This ensures that we comply with the relevant regulations and standards at all times.

Risk management

We conduct regular risk analyses in which we assess potential security risks and proactively initiate measures to avert damage.

Friendly Fire

We regularly try to penetrate our own security architecture (e.g. through so-called penetration tests) in order to identify and remedy vulnerabilities.

Training

Information security affects every team member. Therefore, we regularly conduct training and awareness-raising sessions with our employees.

Certified partners

Our partners and suppliers undergo an extensive safety check and commit to additional safety measures if required. We conduct a review of our partners at least once a year.

Continuous improvement

We are not satisfied with the status quo, but always follow the latest security standards and best practices.

Safety at Elona Health

Meet our Team

Magnus
Schückes

IT & Information Security Officer
(TÜV-certified)

Laura-Sophie Everding

Data Protection Officer

Kirill
Bikowez

Regulatory Affairs Manager

Resource Centre

Find out more in our privacy policy, general terms and conditions, imprint and FAQs.

To the Resource Centre

Report a vulnerability

Are you a cybersecurity user or expert and have discovered a potential vulnerability or security gap in our products? Then be sure to report it to us. This way we can ensure that it is closed quickly. Our information security team will check the information and discuss it with you if necessary.

Contact us