Empatica is fully compliant with GDPR and has implemented the following security protections around the E4 infrastructure (E4 wristband, E4 manager, E4 realtime, E4 connect, E4 link, E4 streaming server):
- E4 connect is hosted by Amazon Web Services (AWS) the global leader in cloud based solutions. AWS is ISO 27001 certified to comply with gold standard "security management best practices and comprehensive security controls" and SOC 3 certified to be protected against "unauthorized access, use, and modification".
- The data housed in E4 connect cannot be matched with the individuals physically wearing the device. Empatica will not access personal data from final users (study participants). Accounts are associated with the researcher, not final users, so data is effectively anonymous.
- Data transmission between Empatica devices and smartphones as well as storage on the smartphones are protected through obscurity, data is stored in a custom binary format that can not be interpreted without our APIs.
- 128 Bit encrypted data transfer between our servers and applications (E4 wristband, E4 manager, E4 realtime, E4 connect, E4 link, E4 streaming server)
- Every E4 connect account holder has the right to ask us that we share with them the personal information we have on file. Please write to email@example.com for this request.
- The right to delete E4 connect account is extended to every account owner. This would disassociate the sessions you have recorded from your email address, and there would be no way to link them back to the study participant. You can write to firstname.lastname@example.org with regards to this.