Security & Compliance
We protect your medical data with the highest industry security standards, complying with European GDPR and NIS2 regulations.
Security Overview
EuroMed Advice implements a multi-layer security system to protect sensitive medical data. Our infrastructure is regularly audited and follows the strictest security standards in the medical industry.
TLS/SSL Configuration
All connections are encrypted using the latest TLS protocols, ensuring communication confidentiality.
Supported TLS Versions
Our platform supports TLS 1.3 (preferred) and TLS 1.2 for compatibility. Older versions (TLS 1.0, 1.1) are disabled for security reasons.
TLS 1.3 (Recommended)
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
TLS 1.2 (Compatibility)
- ECDHE + AES-GCM
- ECDHE + ChaCha20-Poly1305
- Forward Secrecy (FS) on every offered suite
Cipher Suites
We use only modern, secure cipher suites and avoid vulnerable algorithms:
- AEAD encryption only (AES-GCM, ChaCha20-Poly1305)
- ECDHE key exchange, which gives Perfect Forward Secrecy (PFS) on every connection
- CBC-mode suites and static-RSA key exchange (which has no Forward Secrecy) are disabled
Mandatory HTTPS
All connections are automatically redirected to HTTPS. We do not accept unencrypted connections.
HSTS is enabled: the Strict-Transport-Security header is sent with a max-age of one year (31536000 seconds).
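As an added check (this is example code, not EuroMed Advice's own configuration), the script below builds a Python server-side TLS context that enforces the policy stated above and audits the resulting suite list against it: TLS 1.0/1.1 off, ECDHE key exchange only, AEAD bulk ciphers only. The cipher-string keywords are OpenSSL's; the one-year HSTS value is the 31536000 seconds named above. The audit works on OpenSSL suite names, so it can also be pointed at any other context to see which suites a policy would have to drop.

```python
"""Build a server TLS context matching the stated policy and audit it.

Added example, not the platform's own code.  Requires Python with OpenSSL
1.1.1+ so that TLS 1.3 suites appear in get_ciphers().
"""
import ssl

# TLS 1.2 half of the policy as an OpenSSL cipher string: ECDHE key exchange
# with AES-GCM or ChaCha20-Poly1305 only.  TLS 1.3 suites live in a separate
# OpenSSL list and are all AEAD with ephemeral key exchange.
TLS12_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"

# One year of HSTS, as stated on the page (365 * 24 * 3600 seconds).
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000")


def build_server_context() -> ssl.SSLContext:
    """Server context with TLS 1.0/1.1 disabled and policy ciphers only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(TLS12_CIPHER_STRING)
    return ctx


def suite_violation(name: str, protocol: str):
    """Return why a suite breaks the policy, or None if it conforms.

    OpenSSL suite names encode key exchange and bulk cipher, e.g.
    'ECDHE-RSA-AES256-GCM-SHA384' (ECDHE, AEAD) versus 'AES256-GCM-SHA384'
    (static RSA key exchange: AEAD, but no forward secrecy).
    """
    if protocol == "TLSv1.3":
        return None                      # every TLS 1.3 suite is AEAD with (EC)DHE
    if not name.startswith("ECDHE-"):
        return "key exchange is not ECDHE (static RSA has no forward secrecy)"
    if "GCM" not in name and "CHACHA20" not in name:
        return "not AEAD (CBC/HMAC construction)"
    return None


def enabled_suites(ctx: ssl.SSLContext) -> list:
    """Names of every suite the context would offer."""
    return [c["name"] for c in ctx.get_ciphers()]


def audit(ctx: ssl.SSLContext) -> list:
    """(suite, reason) for each enabled suite that violates the policy."""
    findings = []
    for c in ctx.get_ciphers():
        reason = suite_violation(c["name"], c["protocol"])
        if reason:
            findings.append((c["name"], reason))
    return findings


if __name__ == "__main__":
    strict = build_server_context()
    print("policy context offers:", enabled_suites(strict))
    print("violations in policy context:", audit(strict))
    # Python's stock defaults keep static-RSA suites for compatibility; the
    # audit lists exactly which ones the page's policy would drop.
    stock = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for suite, reason in audit(stock):
        print(f"stock default {suite}: {reason}")
```

One caveat when reading the page's TLS claims: if the site is proxied by Cloudflare (as the infrastructure section states), the client-facing TLS versions and suites are those configured at the Cloudflare edge, and an origin context like the one above governs only the Cloudflare-to-origin leg. Both legs need the same policy for the claim to hold end to end.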
Access Control & Authentication
Robust authentication and authorization mechanisms to protect patient data.
Multi-Factor Authentication (MFA)
We implement two-factor authentication for additional protection:
- TOTP (authenticator app): mandatory for medical staff
- One-time code sent by e-mail: available to patients
- MFA is mandatory for doctors, nurses, and dietitians (NIST AAL2)
Row Level Security (RLS)
RLS policies implemented at the database level for strict data isolation:
- Patients can only access their own consultations and documents
- Doctors see only assigned cases, for the duration of the consultation
- Administrators have audited access to management functions
Session Management
Complete session monitoring to detect unauthorized access:
- Detailed authentication history (IP, device, location)
- Automatic alerts for logins from new devices
- Ability to terminate active sessions remotely
Infrastructure Security
Network and application-level protection against cyber attacks.
CDN & DDoS Protection
Our infrastructure is protected by Cloudflare:
- DDoS protection at network and application level
- Web Application Firewall (WAF) with custom rules
- Global network for performance and redundancy
Rate Limiting
Protection against brute-force attacks: at most 5 authentication attempts per identifier in any 15-minute window, and an IP address is automatically blocked after 10 failed attempts within 30 minutes.
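The two thresholds above, as an added worked example (not the platform's own code): a sliding-window limiter keyed both by identifier and by client IP. Timestamps are injected so the behaviour can be exercised offline; the IP addresses and identifiers in the demonstration are constructed. The in-memory deques stand in for whatever shared store a real deployment uses.

```python
"""Sliding-window login limiter with the page's two thresholds.
Added example, not EuroMed Advice's own code."""
from collections import defaultdict, deque
from typing import Optional

# Per identifier (e-mail/username): 5 attempts, success or failure, in 15 min.
IDENT_LIMIT, IDENT_WINDOW = 5, 15 * 60
# Per client IP: blocked after 10 *failed* attempts in 30 min.
IP_LIMIT, IP_WINDOW = 10, 30 * 60


class LoginRateLimiter:
    """In-memory limiter; `now` is passed in (seconds) so it is testable."""

    def __init__(self) -> None:
        self._ident_attempts = defaultdict(deque)   # identifier -> timestamps
        self._ip_failures = defaultdict(deque)      # ip -> failure timestamps

    @staticmethod
    def _prune(q: deque, now: float, window: int) -> None:
        """Drop timestamps that have left the window (oldest first)."""
        while q and now - q[0] >= window:
            q.popleft()

    def check(self, identifier: str, ip: str, now: float) -> Optional[str]:
        """Return a denial reason, or None if the attempt may proceed.

        The IP rule is evaluated first so that a blocked address cannot
        keep probing which identifiers exist.
        """
        ipq = self._ip_failures[ip]
        self._prune(ipq, now, IP_WINDOW)
        if len(ipq) >= IP_LIMIT:
            return "ip_blocked"
        idq = self._ident_attempts[identifier]
        self._prune(idq, now, IDENT_WINDOW)
        if len(idq) >= IDENT_LIMIT:
            return "identifier_rate_limited"
        return None

    def record(self, identifier: str, ip: str, now: float, success: bool) -> None:
        """Account for an attempt once the password/MFA check has run.

        Every attempt counts against the identifier (the page says
        'attempts'); only failures count against the IP.
        """
        self._ident_attempts[identifier].append(now)
        if not success:
            self._ip_failures[ip].append(now)


def demo() -> list:
    """Constructed sequence: six failures for one account from one address."""
    rl = LoginRateLimiter()
    outcomes = []
    for t in range(6):
        verdict = rl.check("alice", "203.0.113.7", t)
        outcomes.append(verdict)
        if verdict is None:
            rl.record("alice", "203.0.113.7", t, success=False)
    return outcomes            # five None, then "identifier_rate_limited"


if __name__ == "__main__":
    print(demo())
```

Two practitioner notes. First, behind Cloudflare the socket peer address is a Cloudflare edge node, so the IP rule must be keyed on the client address Cloudflare forwards (and that header must only be trusted when the connection really comes from Cloudflare), otherwise the "IP block" would lock out the CDN rather than the attacker. Second, a per-identifier limit means anyone who knows a victim's e-mail can lock that account out for 15 minutes; that is the accepted trade-off of the design, and the alerting described under Session Management is what makes such lockouts visible.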
Strict CORS Policies
Cross-Origin Resource Sharing is restricted to the authorized domains (klarmedicin.com, euromed.lovable.app); every backend function validates the request's Origin.
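An added example of how such an origin check should be written (example code, not the platform's own backend functions). The two domains are the ones named above; the https scheme and the www alias in the allow-list are assumptions. The point it makes is that the allow-list must be matched exactly on a canonicalised origin: the common suffix or substring match, shown alongside for contrast, accepts attacker-controlled hosts such as evilklarmedicin.com.

```python
"""Exact-match Origin allow-list for backend functions.
Added example, not EuroMed Advice's own code."""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Origins that may call the backend.  Domains from the page; https scheme and
# the www alias are assumptions for this example.
ALLOWED_ORIGINS = frozenset({
    "https://klarmedicin.com",
    "https://www.klarmedicin.com",
    "https://euromed.lovable.app",
})
DEFAULT_PORTS = {"https": 443, "http": 80}


def normalize_origin(value: str) -> Optional[str]:
    """Canonical 'scheme://host[:port]' for an Origin header, or None.

    Anything a browser never sends as an Origin (a path, query, userinfo,
    the literal 'null', an empty value) is rejected outright.
    """
    parts = urlsplit(value.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None
    try:
        port = parts.port                  # raises ValueError on a junk port
    except ValueError:
        return None
    host = parts.hostname.lower()
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed(value: Optional[str]) -> bool:
    """Exact match against the allow-list after canonicalisation."""
    return normalize_origin(value or "") in ALLOWED_ORIGINS


def naive_allowed(value: str) -> bool:
    """The common bug, kept for contrast: suffix matching accepts
    'https://evilklarmedicin.com' and is bypassable."""
    return value.endswith("klarmedicin.com")


def cors_headers(request_origin: Optional[str]) -> Dict[str, str]:
    """Response headers for a backend function.

    The allow-origin header is reflected only for an allow-listed origin and
    is never '*', because the API is used with credentials.  'Vary: Origin'
    is set on every response so shared caches keep per-origin variants apart.
    """
    headers = {"Vary": "Origin"}
    canon = normalize_origin(request_origin or "")
    if canon in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = canon
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


if __name__ == "__main__":
    for o in ("https://klarmedicin.com", "https://evilklarmedicin.com",
              "https://klarmedicin.com.evil.example", "null"):
        print(o, "exact:", origin_allowed(o), "naive:", naive_allowed(o))
```

CORS is enforced by browsers only: an Origin check stops a malicious web page from reading responses with a victim's cookies, but it does nothing against a script or proxy that simply omits or forges the header, so the backend functions still need their normal authentication and the row-level policies described above.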
Regulatory Compliance
We comply with the strictest European regulations on data protection and cybersecurity.
GDPR
Full compliance with the General Data Protection Regulation (GDPR):
- End-to-end encryption for sensitive data (Art. 32)
- Pseudonymization for administrative operations logging
- Complete implementation of Art. 15-22 rights (access, rectification, erasure)
- Audit logs for operations traceability
NIS2
Compliance with NIS2 Directive (effective from 2025):
- Security risk management framework
- Incident response and notification procedures
- Documented supply chain security
- Business continuity and recovery plan
Logging & Audit
Complete audit logging system for compliance and investigations:
- All authentication events (successful and failed)
- Access to medical documents and patient data
- Administrative operations (with pseudonymized identity)
- Log retention: 90 days for authentication events, 7 years for access to medical data
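The pseudonymized identity in administrative audit records, as an added example (not the platform's own logging code; the key, field names and sample identities are constructed). It shows the one design choice that matters: a keyed HMAC rather than a plain hash, because an unkeyed hash of an e-mail address is recovered in seconds by hashing a list of known staff addresses, while the keyed token is linkable across log lines yet useless without the key.

```python
"""Keyed pseudonymization of actor identities in audit records.
Added example, not EuroMed Advice's own code."""
import hashlib
import hmac
from datetime import datetime, timezone
from typing import Callable, Dict, Iterable, Optional

# Held only by the logging service and never stored with the log data.
# Constructed value for this example; load it from a secret store in practice.
PSEUDONYM_KEY = b"constructed-demo-key-do-not-use-"


def normalize_identity(identity: str) -> str:
    """Trim and lower-case so 'Dr.Smith@...' and 'dr.smith@... ' map together."""
    return identity.strip().lower()


def pseudonymize(identity: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Stable keyed pseudonym: same identity and key -> same token.

    HMAC-SHA256 truncated to 128 bits.  Tokens stay linkable across log
    lines (an investigation can follow one actor) but cannot be turned
    back into the identity without the key.
    """
    mac = hmac.new(key, normalize_identity(identity).encode(), hashlib.sha256)
    return "u_" + mac.digest()[:16].hex()


def unkeyed_hash(identity: str) -> str:
    """What pseudonymization must NOT be: a plain SHA-256 of the identity."""
    return hashlib.sha256(normalize_identity(identity).encode()).hexdigest()


def reverse_by_dictionary(token: str, candidates: Iterable[str],
                          fn: Callable[[str], str]) -> Optional[str]:
    """Attacker's view: recompute fn over guessed identities until one matches."""
    for cand in candidates:
        if hmac.compare_digest(fn(cand), token):
            return cand
    return None


def audit_record(action: str, actor: str, target: str,
                 at: Optional[datetime] = None) -> Dict[str, str]:
    """Administrative audit event with the actor's identity pseudonymized.

    'target' is an internal record id and is kept as-is; the field names
    are constructed for the example.
    """
    when = at or datetime.now(timezone.utc)
    return {
        "ts": when.isoformat(),
        "action": action,
        "actor": pseudonymize(actor),
        "target": target,
    }


if __name__ == "__main__":
    guesses = ["alice@example.com", "dr.smith@klarmedicin.com"]   # constructed
    print(audit_record("user.role.change", "Dr.Smith@klarmedicin.com", "staff-77"))
    print("plain hash reversed to:",
          reverse_by_dictionary(unkeyed_hash("dr.smith@klarmedicin.com"),
                                guesses, unkeyed_hash))
    print("keyed token reversed to:",
          reverse_by_dictionary(pseudonymize("dr.smith@klarmedicin.com"),
                                guesses, lambda i: pseudonymize(i, b"wrong-key")))
```

Because the token is deterministic, the key must be rotated with care: records written under different keys are no longer linkable to each other, so a rotation either keeps the old key available for investigations or is timed with the 90-day and 7-year retention boundaries above.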
Report Vulnerabilities
If you discover a security vulnerability, please contact us responsibly:
security@klarmedicin.com