At RebaseData, security is our highest priority.

We want you to feel safe when you convert your databases, especially when they contain sensitive data like healthcare data. Therefore, we invested a lot of effort in securing our service.

Security brochure


We comply with GPDR and offer a Data Processing Agreement (DPA). We provide a commitment regarding § 203 of the German Criminal Code to process health data. Furthermore, we are compliant with HIPAA Privacy/Security to protect your ePHI. We have a designated HIPAA Privacy/Security officer and all necessary policies and procedures in place. We are available to sign a Business Associate Agreement (BAA) with you, no matter if you are a Covered Entity or a Business Associate under HIPAA.


Our servers are monitored 24/7. Every server has a firewall with strict packet rules configured. The servers’ software is updated at least every month. We are part of a security mailing list so that we receive vulnerability notifications as early as possible. Once we receive a relevant vulnerability notification, we will react immediately by updating our servers. The servers have full disk encryption, for which only we have the key (no external party).

Data center

Our data center Hetzner Online GmbH is located in Sigmundstraße 135, 90431 Nuremberg, Germany. It is compliant with ISO/IEC 27001:2013. We can provide you the certificate and the statement of applicability that shows the security measures that are in place.


Our workforce was educated regarding data privacy and security. They went through a GDPR, HIPAA Awareness and HIPAA Security training. We have numerous policies and procedures in place to guarantee GDPR, and HIPAA compliant data processing. Every single team member signed a confidentiality agreement.


Our proprietary application that converts the databases is written in a safe programming language, Java. Furthermore, it was reviewed for security. Every conversion is executed in a secure environment on one of our servers so that each conversion is guaranteed to be strictly separated from other conversions.


Data is always encrypted at rest using strong encryption, no matter if it’s saved on our servers or a workstation. Also, the data in motion is always encrypted via SSL/TLS.

Access controls and audits

Each user has a unique identification. We are very strict when granting permission to a certain user. Permissions are always kept at a minimum level. We regularly check access lists and we audit server logins.

Contingency plan

For our enterprise customers, we offer a highly available server setup. In addition, we offer superior SLAs.

Storage duration

Your data is stored only temporarily on our secure servers in Germany. Your conversion files are deleted immediately after the download when using the API. Your files are deleted 6 hours after the conversion finished when using a public conversion page or 48 hours after the conversion finished when using the panel conversion page (conversion based on a data set).