Psyflow has been designed from the outset following a privacy-by-design and privacy-by-default approach, ensuring the protection of sensitive professional data handled by psychologists.
1. Regulatory Framework
Psyflow complies with:
The General Data Protection Regulation (GDPR)
European principles governing the processing of health data
Legal requirements related to data confidentiality, security, and minimization
These principles guide the architecture and operation of the platform.
2. Roles and Responsibilities
Under the GDPR framework:
SAS FlowLabs, the publisher of Psyflow, acts as a data processor
The health professional using Psyflow acts as the data controller for patient data
FlowLabs does not access, analyze, or monetize patient data.
Patient data is never used for advertising, commercial exploitation, or AI model training.
3. Security Measures
Psyflow implements industry-standard technical and organizational security measures, including:
Encryption of sensitive data
Secure authentication mechanisms
Access logging and monitoring
Regular automated backups
Protection against unauthorized access
These measures are designed to ensure the integrity, confidentiality, and availability of data.
4. Health Data Hosting (HDS)
Psyflow is designed to support the secure processing of health-related data.
Health data is hosted in France by Celeonet, a provider holding the Health Data Hosting (HDS) certification in accordance with French regulatory requirements.
The Psyflow marketing website, hosted by Hostinger, does not process or store any health data.
5. Artificial Intelligence
Some Psyflow features include AI-assisted tools designed to support clinical work.
These tools:
Assist with clinical reflection and structuring of information
Do not replace professional clinical judgment
Do not use patient data for external model training
The practitioner remains solely responsible for all clinical decisions.
6. Transparency and Contact
FlowLabs supports practitioners in complying with their data protection and confidentiality obligations.
For any questions regarding GDPR compliance or data protection: