Data · GDPR · Compliance
Data & Compliance
Here is where our data comes from, how it is processed, and what we can provide to your DPO or procurement team.
01 · Data
Zero patient data.
No SIH access, no individual PMSI, no nominative clinical data. Only public professional data.
02 · Sources
100% public sources.
Health open data (HAS, IQSS, FINESS, ARS), public LinkedIn profiles, Ordre des médecins. No grey market, no scraping of authenticated sites.
03 · Infrastructure
European hosting, 12-month traceability.
Processing and storage exclusively on European infrastructure (France/Germany). Logs retained 12 months for auditability.
What DPOs and procurement teams ask.
Are you a data processor under GDPR?
Yes. A DPA is signed before any engagement. We are a data processor for processing carried out on your behalf (enrichment, message sending).
Does data leave the EU?
No. Infrastructure 100% in France and Germany. For LLMs, we use European deployments (Azure OpenAI France Central or EU-hosted Mistral Large).
What happens in case of a deletion request?
Immediate and permanent deletion, propagated across all campaigns. Logged. Proof of processing delivered within 72h.
Can you provide your processing register?
Yes, on request at malik@agify.fr. Provided within 5 business days.
Do you have ISO 27001 or HDS certification?
ISO 27001 in progress (Q3 2026 audit). HDS not required: we process no personal health data.
What legal basis do you use to process professional emails?
B2B legitimate interest (GDPR recital 47), compliant with CNIL deliberation MR-004 and CNIL 2023 guidelines. Information notice and 1-click opt-out included in every message.
How do you measure this site’s audience?
We use anonymous, cookieless audience measurement (PostHog, EU hosting). We collect only aggregate statistics (page views, journeys, clicks) to improve the site. No identification, no cross-session tracking, no session recording, no advertising use. You can refuse this measurement at any time.