LynxCare implements multiple security layers including: encryption of data, operating systems and disks; TLS-encrypted connections for all data transfers; federated architecture where data can be deployed on-premise or in the customer's preferred cloud; ISO27001 and NEN7510 compliance; multi-layer access restrictions; and continuous vulnerability scanning.

The hospital always remains the data controller. LynxCare acts as a data processor, processing data only on behalf of and according to instructions from the hospital. Patient data never leaves the hospital's custody, and hospitals retain full control over how their data is used.

LynxCare operates in full compliance with the European General Data Protection Regulation (GDPR). We have a designated Data Protection Officer (DPO) and conduct Data Protection Impact Assessments for all processing activities.