// Trust & Security Report
Ada Health GmbH
Ada Assess (symptom assessment AI with medical guidance) and Medical Library. Consumer app and enterprise versions. Ada Assess is a Class IIa medical device under EU-MDR.
Certifications held
5
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on ada.com“Ada implements technical and organisational measures required by Article 32 GDPR and obtains ISO 27001 certification for its information security management system. Ada is EU-GDPR compliant.”
Verify on ada.com“Ada Assess is classified as a Class IIa medical device according to regulation (EU) 2017/745”
Verify on about.ada.com“HIPAA Compliant badge displayed on enterprise health systems page. Company complies with HIPAA standards for US enterprise deployments.”
> Show 1 unconfirmed / not-held certifications
source: ada.comNo mention of SOC 2 certification found on ada.com security, privacy, or compliance pages despite detailed security documentation.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
EU (health data stored in EU on AWS EMEA S.A.R.L. in Luxembourg and Google Commerce Limited in Ireland)
Ada uses anonymized real world user data such as anonymized past assessment data for developing AI/LLM capabilities. Company follows high standards and strict procedures to ensure anonymization meets GDPR requirements.
// Security controls
Data separation
User details separated from health information, each stored separately in servers within the EU
ada.comData residency
Health data always stays in EU; personal data processed by AWS EMEA and Google Ireland
ada.comData Protection Officer
Designated DPO: dpo@ada.com; Supervisory authority: Berlin Data Protection Authority
ada.com// Products & data scope
data: User health data, symptoms, medical history
Class I medical device. GDPR-compliant. Uses anonymized data for AI training with user consent. Free consumer application.
data: Patient health data, EHR integration via FHIR
Class IIa medical device under EU-MDR. Offered to health systems and life sciences. HIPAA-compliant deployment option available. Secure EHR/CRM integration.
data: Health education content, no sensitive user data collection
Educational resource. Grounded in latest medical research and peer-reviewed studies.
// What to watch
- HIPAA certification is mentioned on enterprise pages (health systems, enterprise) but NOT on the main security page. Confidence is high that HIPAA-compliant versions exist for US enterprise deployments, but BAA documentation not found on ada.com—confirm BAA availability with sales team.
- SOC 2: No evidence of SOC 2 Type 1 or Type 2 certification found despite detailed security disclosures. If claimed elsewhere, verify independently.
- GDPR DPA: Offered for enterprise customers; confirm specific terms during procurement.
- Medical device classification (EU-MDR Class IIa for Ada Assess) is a strength signal for clinical safety but may not apply to all product variants or use cases.
// At a glance
Pricing model
Freemium consumer app; enterprise licensing for health systems and life sciences partners
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Ada Health GmbH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
ada.com