Security & Data Protection

Trustworthy by design

Medical devices process sensitive data in sensitive environments. Our security posture reflects that responsibility.

Our commitments

How we protect data and operations

Six concrete measures we apply across the MoniDose platform and website.

Encryption in transit and at rest

All traffic uses HTTPS with modern TLS. Sensitive data stored by our platform is encrypted at rest by our hosting providers.

Access control and authentication

Role-based access control across the four platform roles (nurse, patient, family, pharmacy). Least-privilege principles for internal tooling.

Input validation and request hardening

Every API request is validated and sanitised server-side. Security headers (CSP, HSTS, X-Content-Type-Options) are enforced globally.

Continuous dependency monitoring

Third-party packages are monitored and patched regularly. Vulnerable dependencies are prioritised for upgrade.

Logging and monitoring

Security-relevant events are logged for investigation. Anomalous request patterns trigger alerts to the engineering team.

Secure software development lifecycle

IEC 62304-aligned software lifecycle for the medical device. Peer review, automated testing, and change control on every release.

Compliance alignment

Standards we align with

We are transparent about what we have achieved and what is still in progress. We never claim certifications we have not earned.

OWASP Top 10 (2021)

Audited • 18 controls verified

Our web infrastructure has been audited against the OWASP Top 10 (2021) security framework. Last audit: March 2026.

NIS2 Directive

Aware • Scoping in progress

Medical devices with software (including MoniDose) fall under NIS2 Annex II "Medical Devices". We are assessing obligations.

ISO 27001

Aligned • Not certified

Our security controls align with ISO 27001 principles. We have not yet pursued formal certification.

GDPR

Compliant

Data processing aligns with the EU General Data Protection Regulation. See our Privacy Policy for details.

IEC 62304

In development

The software lifecycle for the MoniDose device aligns with the IEC 62304 medical device software standard.

EU MDR 2017/745

In development • Class I

MoniDose is being developed as a Class I medical device with software under EU MDR 2017/745.

Transparency

Subprocessors

Third-party service providers we use to deliver MoniDose.

Vercel: Web hosting & CDN
SendGrid / Resend: Transactional email delivery

We will notify customers of material subprocessor changes. For a signed Data Processing Addendum, contact us.

Reporting a security issue

We value responsible disclosure from security researchers. If you believe you have found a vulnerability, please contact us using one of the channels below. We commit to acknowledging reports within three business days.

Need our Data Processing Addendum?

Welfare regions, hospitals, and pharmacies evaluating MoniDose can request a signed DPA and security questionnaire response.
