1. Data Encryption
Data in Transit
All data transmitted via our website and apps (e.g., medical information, identity verification inputs, account data, and orders) is encrypted using TLS 1.2 or higher.
Data at Rest
Data stored in our databases and backups is encrypted using AES-256 or equivalent industry-standard cryptography.
State of the Art Security
These measures follow the "state of the art" security standard required by Article 32 GDPR / UK GDPR.
2. Server Locations and Hosting
EU Data Hosting
All personal data of EU users is hosted exclusively on servers within the European Economic Area (EEA).
Certified Data Centers
Transtoyou uses data centers certified under ISO 27001, SOC 2, and compliant with all relevant GDPR requirements.
International Transfers
No personal data is transferred outside the EEA, unless this occurs under:
- Standard Contractual Clauses (SCCs)
- An adequacy decision from the European Commission
- The explicit consent of the data subject
3. User Data Access & Portability (EU Data Act)
Users can access, download, and export their account and service-generated data directly through their Transtoyou dashboard.
Where technically feasible, users may also request that Transtoyou transmits this data to a third party designated by the user, in line with applicable EU data access and portability rules, including the EU Data Act where relevant.
4. Identity Verification (ID Check)
Transtoyou may require one-time identity verification for:
How ID Verification Works
The ID check involves automated recognition of a valid government-issued ID and a facial match to confirm identity.
Biometric data is processed solely for one-time identity verification, fraud prevention, and safe prescribing. It is not used for marketing, profiling, or any other purpose.
The legal basis for biometric processing relies on Article 9(2) GDPR / UK GDPR together with Article 6(1), supported by DPIAs, strict purpose limitation, and retention rules.
Third-Party Verification
Identity verification is performed by a specialized third-party provider acting as processor on behalf of Transtoyou.
Transtoyou does not store a copy of the ID document. We receive only a verification status and limited metadata necessary for compliance and fraud prevention.
Vendor retention is limited to what is legally required and governed by our Data Processing Agreement.
5. Two-Factor Authentication (2FA)
Staff, Physicians & Pharmacies
Mandatory: 2FA is mandatory for all logins, in line with best practices for securing access to medical data.
Customers
Optional but Recommended: 2FA is optional but strongly recommended. Once enabled, a second authentication step (e.g., SMS) is required at login or when placing an order.
6. Sensitive Operations & Access Controls
- Medical reviews and prescription approvals are only performed by licensed physicians logged in via 2FA, with access restricted to only the required patient data.
- No additional re-authentication (e.g., biometrics) is enforced for physicians during sensitive actions, but strict Role-Based Access Control (RBAC) is in place.
- Every access to medical records is logged and auditable.
7. Audit Logs & Access Registration
Comprehensive Logging
Transtoyou maintains logs of all access to consultation data, prescriptions, identity verification, and user records.
Regular Review
Logs are periodically reviewed to detect unauthorized access or anomalies.
Restricted Access
Only authorized individuals with a defined operational role may access medical records.
8. Video and Chat Consultation Security
Secure Consultation Platform
Transtoyou uses a secure video and chat consultation platform with encrypted connections (TLS/DTLS/SRTP) and strict access controls.
Consultation Recordings
Video and/or chat consultations may be recorded only where necessary for:
- Clinical safety
- Quality assurance
- Training related to patient safety
- Handling of disputes or complaints (for example if a user or physician contests what was said during a consultation)
Retention Period: 90 Days
Recordings are stored securely for a limited retention period of 90 days, after which they are automatically deleted, unless a longer retention is required due to an open complaint, legal obligation, or ongoing investigation. This follows the GDPR/UK GDPR storage limitation principle.
Important Safeguards
- Access to recordings is strictly limited to the assigned physician and authorized compliance or dispute-resolution staff, under RBAC and full audit logging.
- Recordings are never used for marketing, profiling, or any unrelated purpose.
- Users are informed before the consultation starts that recording may occur, the purpose of the recording, and the retention period.
9. Data Breach Protection
Our Response Protocol
In the event of a data breach, Transtoyou:
Notify Authorities
Notifies the relevant data protection authority (e.g. Andmekaitse Inspektsioon in Estonia) within 72 hours, as required under Articles 33 & 34 of the GDPR.
Notify Affected Users
If there is a high risk to individuals, they will be notified directly.
Root Cause Analysis
A root cause analysis is conducted after every incident, with corrective actions taken immediately.
10. Internal Security Measures
Access Rights Review
Access rights are reviewed on a recurring basis and immediately upon role change or termination.
Security Training
Security awareness and privacy training is mandatory for all personnel with access to personal or medical data.
Regular Updates
Security policies and technical controls are reviewed and updated regularly.
11. Data Processing Agreements & Subprocessors
- Transtoyou has signed Data Processing Agreements (DPAs) with all third-party processors (including hosting providers, ID verification vendors, pharmacies, physicians, and marketing tools).
- Subprocessors may only process data under Transtoyou's instruction and supervision.
- A current list of subprocessors is available upon request via: privacy@transtoyou.com
12. Record of Processing Activities (Art. 30 GDPR)
Transtoyou maintains an internal Record of Processing Activities (ROPA) in accordance with Article 30 of the GDPR.
This register includes:
- All processing activities
- Purposes
- Categories of personal data
- Processors
- Storage locations
- Retention periods
- Applied security measures
It is available to supervisory authorities upon request.
13. Data Protection Impact Assessments (DPIA)
For all processing of medical or sensitive personal data, Transtoyou regularly conducts Data Protection Impact Assessments (DPIAs) in line with Article 35 GDPR.
DPIAs are also carried out prior to introducing new technologies or workflows that present elevated privacy risks.
14. Internal Privacy Officer (non-DPO)
Transtoyou is not legally required to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR, as we operate under medical professional confidentiality.
However, we have appointed an internal privacy officer to oversee:
- Privacy compliance
- The maintenance of our processing register
- Execution of DPIAs
- Review of processor agreements
This person acts as the main point of contact for privacy matters and supports audits, breach response, and risk mitigation.
Questions or Reporting a Concern
If you have questions about data security, or wish to report a (suspected) vulnerability, please contact us:
Privacy & Security Team
For security questions and concerns:
privacy@transtoyou.com
Report a Vulnerability
Found a security issue? Let us know:
privacy@transtoyou.com
Your Security is Our Priority
We continuously invest in protecting your personal and medical data with state-of-the-art security measures.
