Trust & security
How we protect patient data
A consolidated view of how ZirkoDesk handles security and data protection — built around EU data-protection law, by design.
Infrastructure
- Hosted in the European Union — data residency in the EU
- Connections encrypted in transit (TLS)
- Data encrypted at rest by the storage layer
- Managed, regularly updated cloud infrastructure
Product
- Role-scoped access — people see only what their role needs
- Append-only, timestamped history of every change
- Quote & terms acceptance recorded as a discrete event
- Attachments shared via short-lived, expiring links — not public URLs
- Data minimisation — we collect only what a case needs
People & process
- Clear controller / processor responsibilities
- Access limited to what is needed to run the service
- A named channel for security questions and reports
Sub-processors
These infrastructure providers process data on our behalf, within the EU. We announce changes to this list here — contact us to be notified.
| Provider | Purpose | Location |
|---|---|---|
| Railway | Application and website hosting (EU region). | EU |
| Cloudflare | Object storage and content delivery (EU region). | EU |
Data Processing Agreement
A Data Processing Agreement (DPA) is available on request — the instrument an EU controller needs with a processor.
Your data is yours
Export your orders, invoices and job cards as PDF at any time. Data portability is a right under the GDPR (RODO in Polish), and there’s no vendor lock-in.
Security contact
Questions about security, or something to report? Email us and we’ll respond.
[email protected]
Responsible disclosure
If you believe you’ve found a security issue, please email us before disclosing it publicly. We’ll acknowledge your report and work with you on a fix. A machine-readable contact is published at /.well-known/security.txt.
What we don’t do
- We do not place patient data in laboratory-side analytics or exports.
- We do not sell or share your data for marketing purposes.
- We do not impose vendor lock-in: invoices and job cards export to PDF, and your order data remains available for export.