Privacy | 4 min | 2026-04-05

Privacy: is it safe to share health data online?

How does Magistra protect your health data? An overview of GDPR compliance, EU hosting and the security measures that safeguard your privacy.

An understandable concern

Sharing health data online is scary. You enter your weight, your medical history, your medications — that's sensitive information. The question is valid: is this safe?

At Magistra, we take privacy extremely seriously. Here is exactly how we protect your data.

GDPR compliance

Magistra falls under the General Data Protection Regulation (GDPR) — the strictest privacy law in the world. This means:

  • You have the right to **access** all your data
  • You have the right to **deletion** (the right to be forgotten)
  • You have the right to **data portability** (take your data with you)
  • You can **withdraw your consent** at any time
  • You can **file a complaint** with the Dutch Data Protection Authority

Health data: extra protection

Health data falls under Article 9 of the GDPR — a special category that receives extra protection. Magistra processes your health data only on the basis of:

  • Explicit consent (you actively give consent in the questionnaire)
  • Necessity for healthcare (Article 9, paragraph 2, under h)

Where is your data stored?

All data is stored and processed exclusively within the EU:

  • Database: Supabase (EU region)
  • Hosting: Vercel (EU region)
  • No data outside the EU — ever

Who is your data shared with?

Your health data is only shared with:

  • The doctor who assesses your profile (independent, BIG-registered)
  • The pharmacy you're matched with (licensed, BIG-registered)

Your data is never sold to third parties, advertisers or insurers.

Security measures

  • Encryption: all data is encrypted at rest and in transit
  • Access control: only authorised healthcare professionals have access
  • Minimal data collection: we only ask for what's necessary
  • Retention period: health data is retained for a maximum of 2 years after programme termination

What if I want to stop?

You can at any time:

  • Delete your account
  • Have all your health data erased
  • Withdraw your consent

Send an email to info@magistra.health and we will process your request within 30 days.

Read our full privacy policy: magistra.health/nl/privacy


Magistra is a technology platform. Results may vary.
