Security & Sovereignty

Security is not a promise.
It is an architecture.

Your medical data is not merely “protected”. It is designed to be unreadable by anyone — including us — without your explicit cryptographic consent.

How It Works

4 layers of protection, in that order

01

You hold the key

A decryption key is derived from your password on your phone (Argon2id). It never leaves your device. Without it, your data is unreadable — including to us.

02

Your data is encrypted before upload

Every document, every result, every note is encrypted client-side with AES-256-GCM. What reaches our servers is an opaque blob. A database leak would reveal nothing.

03

Our servers are blind

We host your encrypted data, we do not access it. This is the so-called client-side end-to-end encrypted architecture: the provider cannot read what it stores. Even under judicial order.

04

Your shares are traced and revocable

Every time you grant access (doctor, family, third party), the event is written to an audit chain. You see who consulted what, and you revoke with one tap.

French Sovereignty

Why hosted in France changes everything

Some French health platforms host their data on US clouds. Even encrypted, that data falls under the jurisdiction of the Cloud Act — a US law that allows an American prosecutor to demand access.

Criterion

My Data My Care

US Cloud Platforms

Hosting
French servers — HDS-certified provider
Sometimes on AWS/Azure, subject to the US Cloud Act
Legal framework
GDPR + HDS v2 + Ségur V2 native
Compliance patched on top of a US stack
Government access
No foreign jurisdiction can compel disclosure
Cloud Act: a US prosecutor can force access
Encryption
Client-side, key on your device (client-side end-to-end encrypted)
Often server-side — the host can read
Portability
Full FHIR R4 export in 1 click
Sometimes impossible, often partial

Sovereignty & Portability

The sovereignty of your data implies its full portability: see how our architecture lets your record cross borders without compromising security.

Portability in practice →
Cryptographic access journal

Tamper-proof traceability of every access to your data.

All actions on your data (doctor consultations, sharing, exports, emergencies) are recorded in an append-only journal chained by HMAC-SHA256 signature. No entry can be modified or deleted, even by our administrators.

Cryptographic chaining ensures that any alteration is mathematically detectable. This is not a promise — it is a verifiable mathematical property.

  • HMAC-SHA256 chaining: every entry is signed and linked to the previous one. Any alteration is mathematically detectable.
  • Database append-only: a PostgreSQL trigger technically blocks any modification or deletion. HDS art.7 guarantee.
  • GDPR Art.15 enforceable export: download your full journal (JSON + PDF + signature) from your patient space at any time.
  • Merkle tree V2 ready: the architecture includes a Merkle-compatible hash for optional future public anchoring (ANS timestamping, RFC 3161).
  • Bitcoin blockchain anchoring via OpenTimestamps: the Merkle root of each batch of 1,000 entries is timestamped on the Bitcoin blockchain every hour via the OpenTimestamps protocol. Verifiable proof by anyone, independently of My Data My Care.

Access Log — Example

Dr. Lefebvre

Access granted · 24h

Today · 14:20

Dr. Lefebvre

Record consulted

Today · 14:32

Cerba Lab

Results imported

Yesterday · 09:15

Dr. Mercier

Access revoked

3 days ago

HMAC-SHA256: 7a3f…e2c1 · chain verified ✓

Compliance

Europe’s most stringent standards

HDS v2

In progress

Health Data Hosting, 2026 certification mandatory in France

GDPR

Native

European regulation on personal data — rights to access, rectification, portability, erasure

Ségur V2

Roadmap Q4 2026

Mon Espace Santé catalogue listing, DMP feeding, FHIR R4 interop

INS-IAS

Native

National Health Identity, professional authentication via Carte CPS

WCAG 2.2 AAA

From MVP

Digital accessibility at AAA level, above the European EN 301 549 standard

AI Act

Framed

V1 strictly outside medical-device scope. Predictive-AI module in V2, high-risk compliant August 2026

Third-Party Verifiable

We do not ask you to take our word for it

Truly solid security is security you can prove. Here are the mechanisms anyone can use to verify our claims.

Quarterly external audits

Our security is audited every quarter by an independent firm. Reports are published on this page.

Public bug bounty

A rewards programme open to security researchers. The more critical the flaw, the higher the bounty.

Open source

Our FHIR connectors and mobile application are published on GitHub. Auditable by any developer.

Transparency dashboard

Every government request received, every incident, every security change is documented publicly.

A sharp technical question?

Our security team answers directly. Cybersecurity researcher, DPO of a facility, tech journalist — write to us.

security@mydatamycare.com