GDPR compliance built into every project and workflow.

Digital security concept with person holding glowing padlock for data protection and cybersecurity

Medtora is designed with a distributed data architecture that supports GDPR compliance by design. Participant personal data is stored on the company’s own SharePoint environment, where all data is kept encrypted and under the company’s direct control as data controller.

Survey responses and participant-related data are stored in encrypted form on the company’s SharePoint server. Decryption keys and survey configurations are managed within the Medtora platform, ensuring a clear separation between data storage and platform logic. This architecture minimizes data exposure and ensures that Medtora does not hold participant personal data in readable form.

By leveraging the company’s existing SharePoint infrastructure, Medtora enables organizations to retain ownership, control and governance over personal data, while supporting secure processing, access control and compliance with GDPR requirements throughout the project lifecycle.