What precautions does Ada take to protect users' data?

Ada’s mission is to make healthcare more personalized and accessible for everyone. To achieve this, we have always ensured data security and data privacy are fundamental parts of our business and services. 

As a digital health company based in Germany, we take data privacy and security extremely seriously, and we treat all information shared with us with the utmost care. We are regulated by the world’s strictest data protection laws, policies, and regulations, including the GDPR, and are certified with the ISO 27001 quality standard for information security.

We never share your personal data with any third party without your explicit consent. No personal or health data is sold to third parties or shared for any commercial purpose. However, we may transfer your personal data to third-party processors for the purposes described in our privacy policy (section 3), including to provide our services to you. When data is transferred, service providers only have access to your data when deemed necessary by Ada. All service providers are bound by a data protection agreement and will only process data according to our instructions.

Furthermore, the structure of our services and apps are specifically designed to protect our users. Our architecture follows the security-by-design and privacy-by-design principles: our users’ health data is pseudonymized and stored completely separately from their personal data (such as profile name, email address) and can only be linked back to personal data using a unique key. We encrypt all personal data and health information transferred and stored, utilizing strong state-of-the-art encryption methods. 

As is common and necessary to operate apps and digital services, the Ada app communicates with a number of service providers in storing and processing personal data to make the service itself function. Ada carefully selects all its service providers to ensure our data policies and practices are never compromised. We have data processing agreements with the service providers we work with to ensure no personal data or health data is used for commercial gain directly or indirectly.  

Further detail is available in our Privacy Policy.

If you become aware of a potential security vulnerability, refer to Ada's Security Vulnerability Disclosure Policy before sending the report. The Security Team will follow up with you directly, according to the “Communication and Reporting” section in the policy.