Our claim

Security & Trust

As a manufacturer of medical devices in a psychotherapeutic environment, we have a particular responsibility when it comes to data protection and information security.

Man with a shield

Certified medical devices

elona therapy (class I, MDD) and elona explore (class I, MDR) are CE-marked medical devices.

Icon CE

information security

As a manufacturer of medical devices and digital solutions, Elona Health is certified in accordance with ISO 27001 by TÜV Süd.


Data protection compliance

Elona Health meets the highest European data protection standards for health data in accordance with the GDPR.

Icon Shield

Certified medical devices

elona therapy is a CE-marked class I medical device in accordance with MDD.

Icon CE

information security

Elona Health is certified in accordance with ISO EN 27001 by TÜV Süd. Our solutions meet the highest standards of the GDPR.


Data protection compliance

Elona Health meets the highest European data protection standards for health data.

Icon Shield

Certified medical devices

Regulation as a framework for quality and safety

The trustworthiness and reliability of our products is our top priority. We therefore comply with EU-wide standards and regulations such as the Medical Device Regulation (MDR). elona therapy (class I, MDD) and elona explore (class I, MDR) are marked as medical devices and the safety and performance of the products have been tested as part of the compliance test.

In addition, we regularly carry out tests and evaluations of our products as part of post-market surveillance, which includes the latest information from specialist literature, safety data, our own clinical studies or user feedback in development and compliance testing.

Further information

Find out more about ensuring medical quality and our clinical studies here.

Our commitment

Highest data security and data protection requirements

Health data is a valuable asset — especially when it comes to our mental health. We are committed to your personal information and believe that you should always have control over your data. Your personal data is immediately pseudonymized and encrypted on all products to ensure maximum data security. In doing so, you always have full control.

Elona Health never shares your data with third parties. If you release your data, only your therapist can access certain information relevant to your treatment. The data is stored on servers in Germany that are specially secured for health data. No data remains unencrypted on your individual device.

Privacy by design

Our products are developed according to the “privacy by design/default” principle. This means that we always implement a privacy-friendly technology design, data minimization and organizational protective measures.


We only use best practices (TLS, AES 128-bit encryption) for data transmission. The data is stored in ISO 27001, ISO 27701, BSI C5 and HIPPA certified data centers.


We separate user data from health information. Each type of data is stored separately on servers within the EU.

Audit trails

The audit trail (or audit trail) ensures that every action on your data is thoroughly traced and timestamped to provide solid evidence of access, verification, and signature.

To read

How we handle data

Our privacy policy details how we handle and protect your information. Our external data protection officer regularly reviews our privacy-related control measures and ensures that our processes and products always meet the highest requirements of the GDPR.

You can find out more about our privacy policy for the elona therapy mobile application (patients) and elona therapy web application (clinicians) as well as for elona explore in our resource center.

Delete data

We can delete all personal data from our systems upon request. However, data that is subject to legal reservation can only be deleted after the legal reservation procedure has been completed.

To request data deletion, please contact our Support.

Our certifications

Audited and certified information security

Security is not only an integral part of our products, but is also integrated into our infrastructure and business processes. With our information security management system (ISMS), we ensure a holistic security program that includes both IT and information security.

We are proud that this commitment to maximum safety has been tested and certified by TÜV Süd in accordance with the internationally recognized ISO 27001 standard.

An excerpt from our safety program


External experts and internal experts regularly review our processes and security measures. This ensures that we comply with relevant regulations and standards at all times.

Risk management

We carry out regular risk analyses, during which we assess potential security risks and take proactive measures to prevent damage.

Friendly Fire

We regularly try to penetrate our own security architecture (e.g. through so-called penetration tests) in order to identify and fix weak points.


Information security concerns every team member. That is why we regularly conduct continuing education and awareness training with our employees.

Verified partners

Our partners and suppliers are subject to extensive safety checks and commit to additional safety measures as required. We review our partners at least once a year.

Continuous improvement

We are not satisfied with the status quo, but always follow the latest security standards and best practices.

Safety at Elona Health

Meet our team


IT & Information Security Manager
(TÜV certified)

Dr. Werner

Data Protection Officer


Regulatory Affairs Manager, IT & Information Security Manager
(TÜV certified)

Ressource Center

Find out more in our privacy policies, terms and conditions, legal notice and FAQs.

Go to the resource center

Report a vulnerability

Are you a cybersecurity user or expert and have discovered a potential vulnerability or security vulnerability in our products? Then be sure to get in touch with us. In this way, we can ensure that it is closed quickly. Our information security team will review the notice and discuss it with you as needed.

contact us