GDPR Commitment and Security

Última actualización: January 15, 2026

HanaMind (Jucade Solutions) operates under the highest standards of compliance with the General Data Protection Regulation (GDPR) of the European Union and the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

2. HanaMind as Data Processor

In accordance with Article 28 of the GDPR, HanaMind acts as a Data Processor for the patient data that the User (Data Controller) enters into the platform.

  • Documented InstructionsWe process data exclusively under the User’s instructions.
  • ConfidentialityStaff contractually committed to the duty of secrecy.
  • Technical AssistanceWe help the user fulfill the rights of their data subjects.
  • Destruction/ReturnSecure data deletion upon termination of the contractual relationship.

3. Robust Security Measures

The security of health data is our highest priority. We implement:

End-to-end Encryption

TLS 1.2+ in transit and AES-256 at rest.

Servers in the EU

Hosting exclusively in European regions (Spain/Belgium).

Daily backups

Encrypted backups with geographic replication.

Access Control

Two-factor authentication (2FA) mandatory for staff.

4. Sub-processors

We collaborate with top-tier infrastructure providers that strictly comply with the GDPR:

  • Google Cloud / AWS: Infrastructure and storage (EU).

  • Stripe: Secure payment processing (PCI-DSS).

  • Resend: Transactional notifications.

5. Audits and Evaluations

We perform periodic data protection impact assessments (DPIA) and technical security audits to identify and mitigate risks associated with the processing of sensitive data. The User may request a summary of these security measures by contacting our compliance team.

© 2026 Jucade Solutions SL. Todos los derechos reservados.