Security and compliance at the core

SentinelMind is built from the ground up with Danish healthcare law and GDPR in mind.

GDPR compliance

Full support for data subject rights: access, export, and deletion. All requests are logged and processed systematically.

Consent-based data processing

No patient data is processed without explicit, informed consent. Consent can be withdrawn at any time.

Immutable audit log

All access to patient data — views, lists, timeseries — is logged with actor, clinic, patient ID, and correlation ID.

Encryption

Sensitive data is encrypted with AES-GCM locally on the patient's device. All communication happens over TLS.

Data retention

Audit logs are retained for 365 days. Completed jobs are cleared after 30 days, and failed jobs after 90 days.

PII filtering

Analytics data is automatically filtered for personally identifiable information before storage.

Rate limiting

All endpoints are protected with rate limiting to prevent abuse.