Security

Security in plain English. No jargon.

Health data is different from email. Here is what we do - and what you can demand.

Where your data lives

Your data and consent trail live in the EU on sovereign EU infrastructure via People's Lab. Frankfurt region today. No US hyperscaler. No CLOUD Act exposure. We will not say "Danish soil" until it is true.

Who we do not share with

Never insurers without explicit consent. Never employers. Never Apple, Google or Meta. Never pharma without granular study consent. Never authorities without a court order - and even then we tell you if the law allows.

Who can see it

By default: only you. Each time anyone else wants to see something - doctor, researcher, clinic - you give granular consent. Per study, per dataset, per time period. Never broad consent. Never retrofitted.

How consent works

You see a consent request. It tells you who is asking, what they want to see, why, and for how long. You say yes, no, or adjust the scope. Every request is logged and signed cryptographically (SHA-256). You can pull consent back any time with one tap.

What we do if we are breached

We follow GDPR Article 33 - we report to the data authority within 72 hours. We email you the same day, with details of what happened and what we are doing. We publish a public post-mortem within 14 days. We over-communicate, we do not spin.

What you can delete

Everything. The whole wallet history can be deleted with one tap. We send a confirmation. Within 30 days your data is gone from our systems - including backups. The audit log of your own actions is kept for 5 years for regulatory reasons (anonymised).

EUDI Wallet integration

The EU Digital Identity Wallet rolls out in every EU country Q4 2026 (regulation 2024/1183). We integrate as a relying party - your EUDI Wallet proves who you are, People's Wallet handles your health layer. You do not install a second identity wallet. We build on top.

Exit flow

Want out? Three taps.

No support calls. No waiting. You delete your wallet yourself, whenever you want. Within 30 days everything is gone from our systems - including backups.

Questions?

Write to our DPO. We reply within two working days.

support@peopleswallet.ai