The platform follows strict GDPR and ethical research protocols. All data flows lead to storage in a centralised clinical repository, designed to securely hold FHIR resources for health information. The repository ensures data integrity and controlled access for authorised authorities. Physically, identification details such as name, surname and contact information are stored in a separate database from the rest of the clinical data, and the information is reconstructed on the fly upon request of authorised services and users.
Data within the clinical repository is stored for the duration necessary to fulfil the objectives of the activity, in accordance with regulatory and ethical standards. After this period, data will be deleted based on predefined retention policies (i.e., proprietary data, data generated for testing purposes, data of low value), whereas other types (e.g., software code, deliverables) will be maintained for at least five years after the end of the project. Finally, all data is stored within each clinical pilot site and follows the ENISA guidelines.