GDPR compliance is not enough for us
Many practice software providers advertise GDPR compliance – yet still use Zoom, WhatsApp or AWS. Technically legal, but with residual risk. We operate everything ourselves: video server, chat platform, database. Completely in Germany, completely under our control.
The Difference
Why GDPR Compliance Is Not Enough
Many providers advertise GDPR compliance yet still use Zoom, WhatsApp or Amazon Web Services (AWS). This is technically legal – but with residual risk.
|
oprax
Recommended
|
Other providers | |
|---|---|---|
| Video Sessions |
Own server in Germany
|
Zoom (USA), Teams (USA), Google Meet (USA)
|
| Client Chat |
Own infrastructure
|
WhatsApp Business (Meta/USA), Twilio (USA)
|
| Database |
Own servers (Hetzner, DE)
|
AWS (USA), Google Cloud (USA), Azure (USA)
|
| File Storage |
German servers
|
Amazon S3 (USA), Google Drive (USA)
|
| CLOUD Act Access |
Not possible
|
US authorities can request data
|
Own Infrastructure
Everything Under Our Control
We deliberately chose against external services. It costs more, but your data is worth it.
Own Video Platform
When you conduct a video session with us, it runs on our own server in Germany – not through Zoom, Teams or Google Meet. We have the hardware, we have the code, we have control. Your sessions are not processed by US corporations.
Own Chat Server
Messages between you and your clients run through our own infrastructure. No WhatsApp, no Telegram, no external chat API. Your communication stays where it belongs: with you.
German Servers
All data – videos, chats, client files, invoices – is stored on servers in Germany. Operated by a German company (Hetzner), under German law, with German data protection.
Virtual Waiting Room
Like a real practice: your clients wait in the virtual waiting room until you let them in. You decide when the conversation begins. No surprise entries, no shared links.
No Residual Risk
Many providers advertise GDPR compliance yet still use AWS, Google Cloud or Microsoft Azure. Technically legal – but the CLOUD Act enables US authorities to access data. Not with us: we are a German company with our own infrastructure.
Encryption on All Paths
All connections to oprax are encrypted with TLS. Your data is protected – both on the way to our servers and at rest. Even we cannot read your session content.
Biometric Security
In the mobile app, you can sign in with fingerprint or facial recognition. Fast, secure and without password entry on the way to your next session.
GDPR – Done Right
Many providers claim to be GDPR compliant – yet still use US services. We take a different path: because we operate everything ourselves, we can guarantee real GDPR compliance. With data processing agreement, documentation and regular audits.
What is the CLOUD Act?
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) is a US law from 2018. It allows US authorities to request data from US companies – even if that data is stored on servers in Europe.
This means: if you use Zoom, AWS or other US services, your data could theoretically be accessed by US authorities – even if the servers are in Frankfurt. With oprax, this is not possible because we are a German company and do not use US services.
Data Processing
DPA Included
As a data processor, we provide you with a complete Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.
Your Questions
Frequently Asked Questions About Data Protection & Hosting
Convinced?
Try oprax free for 30 days and experience real data protection – without US clouds, without compromises.
Try for Free