Once stored, only the target recipient can decrypt and retrieve the data.

DATA SECURITY NOTICE

MDBS generates a public and a private key for each user. For maximum security, however, the system allows each user to download their private key for offline use and delete it from the server, and we recommend doing so. Decrypting data packages on the server is provided only as a convenience and testing feature.

Architecture of a Data Channel

The service sits between the clinical partner (administrator side) and the technology partner (processor). Data moves through an encrypted channel with short-term retention at the broker so transfer stays bounded and auditable.

Auditable Data Retention

  open: Public keys of both clinical and technological partners.

  encrypted: Public-key-encrypted clinical data, with configurable expiry.

  locked: Private keys for both clinical and technological partners (for testing and demonstration).

Data visibility is restricted to a defined data channel between a clinical and a technological partner.

Our clinical channel stands out from general-purpose tools

A direct comparison with everyday communication methods — based on GDPR Article 32 requirements and EDPB guidance on transfers.

Feature                       | Email (typical)  | WeTransfer       | Our channel
Transmission audit trail      |                  |                  |
Processor controls retention  |                  |                  |
Third‑country transfer risk   | ⚠️ high          | ⚠️ high          | ✅ EU‑controlled
Art. 32 GDPR alignment        | ⚠️ high risk     | ⚠️ high risk     | ✅ compliant
✅ = supported ❌ = not supported ⚠️ = high risk / limited

Based on EDPB guidelines 01/2021, WP256, and Schrems II case law.

Secure Data Flow

  1. SSL encrypted and authenticated original data transfer (browser or REST API).

  2. Encryption. Data is encrypted using the target's public key.

  3. Persistence. Ready-for-delivery data storage.

  4. Storage. The data can only be decrypted using the target's private key.

  5. Download request. SSL encrypted and authenticated request (browser or REST API).

  6. Decryption. Private key is temporarily unlocked using the target's account credentials.

  7. Download. Data is decrypted using the unlocked private key and delivered (browser or REST API).

  8. Alternatives to the standard download path.

  9. Available delivery strategy: delivery of the still-encrypted data for offline decryption with your own private key.

Only public keys, encrypted data and locked private keys are present in the system's persistent storage.