Where your data lives
Your data and consent trail live in the EU on sovereign EU infrastructure via People's Lab. Frankfurt region today. No US hyperscaler. No CLOUD Act exposure. We will not say "Danish soil" until it is true.
Security
Health data is different from email. Here is what we do - and what you can demand.
Your data and consent trail live in the EU on sovereign EU infrastructure via People's Lab. Frankfurt region today. No US hyperscaler. No CLOUD Act exposure. We will not say "Danish soil" until it is true.
Never insurers without explicit consent. Never employers. Never Apple, Google or Meta. Never pharma without granular study consent. Never authorities without a court order - and even then we tell you if the law allows.
By default: only you. Each time anyone else wants to see something - doctor, researcher, clinic - you give granular consent. Per study, per dataset, per time period. Never broad consent. Never retrofitted.
You see a consent request. It tells you who is asking, what they want to see, why, and for how long. You say yes, no, or adjust the scope. Every request is logged and signed cryptographically (SHA-256). You can pull consent back any time with one tap.
We follow GDPR Article 33 - we report to the data authority within 72 hours. We email you the same day, with details of what happened and what we are doing. We publish a public post-mortem within 14 days. We over-communicate, we do not spin.
Everything. The whole wallet history can be deleted with one tap. We send a confirmation. Within 30 days your data is gone from our systems - including backups. The audit log of your own actions is kept for 5 years for regulatory reasons (anonymised).
The EU Digital Identity Wallet rolls out in every EU country Q4 2026 (regulation 2024/1183). We integrate as a relying party - your EUDI Wallet proves who you are, People's Wallet handles your health layer. You do not install a second identity wallet. We build on top.
Exit flow
No support calls. No waiting. You delete your wallet yourself, whenever you want. Within 30 days everything is gone from our systems - including backups.