Data Processing

How we handle your data

ME-TA is a Danish data processor under GDPR and Danish law. This page describes where your data goes, who sees it, and what is retained where — under which contractual instrument.

TL;DR. A sponsor uploads data through metawebservice.com directly into customer-scoped storage in AWS eu-west-1 (Ireland) under the AWS GDPR Data Processing Addendum. ME-TA operators on company-owned, BitLocker-encrypted PCs run a WinForms client that executes a three-stage workflow locally on the PCwork/ (human-actor), sce/ (machine-only deterministic SAS / R compute on the PC, no AI), and ai/ (Claude Code on the PC, with files staying local; only the AI prompt and completion travel out to AWS Bedrock in eu-central-1, Frankfurt for inference — curated operational content only; never patient or sample data). The entire client-work data chain is intra-EEA — no GDPR Chapter V transfer occurs. The engaged sub-processor is AWS EMEA SARL (Luxembourg) for storage and AI inference; Anthropic is the upstream model author and is not engaged as a separate sub-processor on the Bedrock path.

1. Where your data goes

A sponsor's data follows a deterministic path from upload through ME-TA's three-stage architecture and back to the sponsor as deliverables. Every box and arrow below is under contractual coverage of the AWS GDPR DPA or ME-TA's own QMS controls.

End-to-end data flow — sponsor → AWS EU → ME-TA operator → AWS EU → sponsor
SPONSOR ZONE browser · sponsor personnel AWS EU — under AWS GDPR DPA AWS EMEA SARL (Luxembourg) — eu-west-1 Ireland (storage / auth) · eu-central-1 Frankfurt (Bedrock) ME-TA OPERATOR ZONE Denmark · ME-TA-owned, BitLocker-encrypted PC · WinForms client runs work/ sce/ ai/ locally B1 — Sponsor user browser · SAML SSO / OTP B2 — metawebservice.com eu-west-1 · HTTPS edge · no content buffer B3 — Amazon S3 eu-west-1 · AES-256 · customer-scoped B4 — Aurora metadata only B5 — Cognito auth B7 — AWS Bedrock eu-central-1 Frankfurt · text-only inference Anthropic Claude (model author · not in data path) stateless · no retention · no training WinForms client (meta-cli + stage runner) three stages on the operator's PC · files local · BitLocker AES-256 full-disk encryption WORK stage human-actor · full data programs · drafts · outputs meta-cli sync ↔ S3 SCE stage machine-only · SAS / R deterministic compute no AI invoked here AI stage Claude Code on PC files stay local · Cat A only → Bedrock for inference B9 — ~/.claude/projects/ local AI conversation cache ≤30-day operator-deletion SOP (P22 §22.3.5) A1 HTTPS / auth A3 direct upload (pre-signed) A13 download deliverable A6 meta-cli sync A7 push outputs A8 job A9 out Cat A promote A10 prompt text → Bedrock A11 ← completion text (model reply) TXT Text-only inference channel — files never cross this lane boundary A12 cache All client-work data is intra-EEA — no GDPR Chapter V transfer arises

End-to-end data flow. The three inter-stage control gates (human-gated promotion, SAS-file submission, automated redaction) are described in the narrative bullets below — this diagram answers "where does data physically go?" only.

Reading the diagram

The three inter-stage control gates

Each transition between stages inside the WinForms client is controlled — by humans, by structural design, or by an automated filter. None of these controls is shown on the diagram above (which answers only "where does data go?"); they are stated here in prose:

2. Who actually sees your data

Each row below is an actor in or around the data flow. Each column is a class of data. A cell shows the maximum visibility under normal operations; least-privilege controls in our QMS reduce actual visibility further per engagement role.

Actor visibility matrix
Trial data (Category B) Cat A operational Cat A elevated-sensitivity AI prompts/completions Audit metadata User account info Aggregate platform metrics Sponsor user (controller) their own session their own engagement none ME-TA operator (engagement-assigned) their own session their own actions own none ME-TA admin / DPO metadata only* metadata only* metadata only* none AWS (EMEA SARL) sub-processor encrypted bytes only encrypted bytes only encrypted bytes only in transit only none encrypted bytes only none Anthropic upstream model author — not engaged as a sub-processor none none none none none none none Ancillary sub-processors email · scheduling — admin only none none none none none limited contact data none full visibility (within engagement scope) metadata-only / encrypted-bytes-only / scoped none structural denial * ME-TA admin / DPO visibility into clinical content is gated by customer-admin authorisation per P07 §7.10 and P21 §21.8. ME-TA personnel do not readily have access to customer content unless the customer has granted access.

* ME-TA admin / DPO visibility into clinical content is gated by customer-admin authorisation per P07 §7.10 and P21 §21.8. ME-TA personnel do not readily have access to customer content unless the customer has granted access.

3. What is retained where

What is kept, where it is kept, how long, and under which contractual instrument.

Retention picture — by location, with country, duration, and governing instrument
Client-work data: 100% intra-EEA · No GDPR Chapter V transfer Location What is retained Country Duration (solid = fixed · hatched = variable) Governing instrument 5y 10y 15y 20y 25y AWS eu-west-1 (Ireland) S3 — submission-bound clinical data 🇮🇪 Ireland up to 25 years AWS GDPR DPA S3 — temporary / draft data 🇮🇪 Ireland ≤1y prod · ≤3y backup AWS GDPR DPA Aurora — platform metadata 🇮🇪 Ireland engagement + audit horizon AWS GDPR DPA Cognito — user accounts 🇮🇪 Ireland account lifetime (90-day inactivity cleanup) AWS GDPR DPA Audit-log bucket (Clause D.4) 🇮🇪 Ireland 7 years AWS GDPR DPA + ME-TA QMS Backups (encrypted) 🇮🇪 Ireland per recovery cycle AWS GDPR DPA AWS eu-central-1 (Frankfurt) Bedrock — AI inference (Anthropic Claude) 🇩🇪 Germany none beyond request lifetime AWS GDPR DPA stateless prompt path · no training · invocation logging Processor-controlled Denmark — operator workstation (ME-TA-owned, BitLocker) work/ stage files 🇩🇰 Denmark engagement duration ME-TA QMS (own custody) ~/.claude/projects/ AI cache 🇩🇰 Denmark ≤30 days (P22 §22.3.5 SOP) ME-TA QMS Audit metadata persists for the regulatory retention period independently of, and after, conversation-content deletion.

Client-work retention only. ME-TA's internal-only use of consumer-tier Anthropic (no client content) is described in a separate note below.

ME-TA internal-only consumer-tier Anthropic

Separate from anything on the diagram above: ME-TA uses consumer-tier Anthropic (e.g. Claude Max) for internal work only — platform development, internal documentation, learning. No client content ever travels this path, per P22 §22.3.4. Conversations on this path live on Anthropic infrastructure in the United States under Anthropic's Consumer Terms (indefinite until operator-deleted, +30 day backend grace, T&S exception up to 2 years for inputs/outputs and 7 years for classification scores). Anthropic on this path is not a sub-processor of ME-TA — it is ME-TA's own tool vendor for internal-only purposes, with no controller-processor relationship arising.

4. How each boundary is enforced

Sections 1–3 above answer the procurement / DPO questions: where data goes, who sees it, how long it's kept. This section is for the IT-security review: nine specific boundaries the architecture is designed to maintain, the layered controls behind each, and what specifically enforces them. Read it if you are mapping our controls to a security framework (ISO 27001 Annex A, SOC 2 CC, NIST SP 800-53) or running a vendor risk assessment.

Defence in depth — controls layered per security boundary
Defence in depth — layered controls per security boundary Threat / boundary what we prevent · what enforces it Identity & access (IAM, MFA) Network VPC · egress · TLS Content / app structural · filters Procedural QMS policy · ME-TA Audit detection · logging 1. Cross-sponsor data isolation No sponsor sees another sponsor's data, ever Customer-scoped IAM + Cognito session S3 customer-prefix per-engagement scope Portal scope server-side enforced P07 §7.10 admin-grant model All access events logged · Aurora 2. No browsing without authorisation ME-TA personnel cannot read customer content Customer-admin grant required for access covered elsewhere Portal access control scoped to grants P07 §7.10 · P21 §21.8 explicit grant model Access events with operator identity 3. Cat-B never reaches AI Patient-level / unblinded data structurally denied AI Surface IAM denies Cat-B bucket read VPC egress restricted to Bedrock endpoint Pre-flight filter + session-open rejection P22 §22.4 · §22.5 three-stage architecture Promotion events + content fingerprints 4. AI provider non-retention / non-training Bedrock stateless · no training on prompts covered elsewhere Stateless per request no client log default Bedrock managed inference pattern AWS Service Terms §1.14 (DPA auto-incorporated) Optional invocation log EU Processor bucket 5. Data stays in EEA No GDPR Chapter V transfer for client work Region-pinned IAM roles · no role-chain out EU-region endpoints only · no cross-region No replication outside EEA buckets Sub-processor list + AWS account region cfg CloudTrail region events · sub-proc register 6. No exfiltration via personal AI Operator cannot route client work to consumer Anthropic Corporate AWS account is only AI path covered elsewhere covered elsewhere P22 §22.3.3.4 ban + training + attestation Activity monitoring + periodic attestation 7. Lost laptop is not a breach Device loss does not become a data breach Cognito MFA · 30-min auto-logoff (P07 §7.6) covered elsewhere BitLocker AES-256 full-disk encryption P07 §7.7.5 + §7.6 + Norton AV (§7.7.7) Device register + lost-device SOP 8. Prompt-injection mitigation (AI-specific) Adversarial SCE output cannot subvert AI behaviour AI scope = Cat A only limited blast radius Egress = Bedrock only no other exfil path Human review of AI output before deliverable P22 §22.6 named- reviewer post-output gate Prompt + output fingerprints · 7 years 9. Audit log tamper-evidence Privileged admin cannot rewrite history Write-only role on audit-log bucket Separate IAM scope for audit S3 S3 Object Lock (WORM) + delete-deny policy Clause D.4.2 — 7y retention floor covered elsewhere Each row names a security boundary the architecture is designed to maintain. Columns are defence layers. Cells name the specific mechanism. “—” means the layer is not load-bearing for that threat — other layers cover it.

Rows 1–7 are derived from context/operations/data-flow.md §7 (trust boundaries + enforcement). Rows 8–9 (prompt-injection mitigation; audit log tamper-evidence) are AI-specific and audit-integrity additions per the IT-security review.

Reading the matrix

5. Sub-processors

ME-TA's contractual sub-processor chain for client work.

Sub-processor Role Location Instrument
Amazon Web Services EMEA SARL (Luxembourg) — infrastructure S3 storage, Aurora metadata, Cognito auth (SCE compute runs locally on the operator's PC, so AWS is not a sub-processor for that stage) AWS eu-west-1 (Ireland) primary; eu-north-1 / eu-central-1 as DR AWS GDPR DPA (auto-incorporated, Service Terms §1.14.1)
Amazon Web Services EMEA SARL (Luxembourg) — AWS Bedrock AI inference for Category A content (Anthropic Claude models on AWS Bedrock; no provider-side retention; no training) AWS eu-central-1 (Frankfurt) primary AWS GDPR DPA (auto-incorporated, Service Terms §1.14.1)
Ancillary business sub-processors Engagement administration only (email, document exchange, scheduling) — no clinical data Per supplier disclosure Supplier DPA (under ME-TA P05 / P17)

Why Anthropic is not listed as a sub-processor

Under the AWS Bedrock access pattern, ME-TA's controller's prompts and completions do not flow to Anthropic. AWS hosts the model weights under license from Anthropic and operates the inference service on AWS infrastructure; prompts and completions are not shared with Anthropic. Applying GDPR Art. 4(2) / 4(8) and the EDPB Guidelines 07/2020 factual-nexus test, Anthropic does not factually process ME-TA's controller's data on this path and is therefore not engaged as a processor under Art. 28. The Art. 28 contract is with AWS. Anthropic is the upstream model author — a tool licensor — analogous to Microsoft for Word or the PostgreSQL Global Development Group for AWS RDS for PostgreSQL.

The full rationale, including honest caveats and the procurement walk-through, is available on request as part of the DPA package.

6. Source documents

The contractual and policy instruments behind the architecture above.

AWS GDPR Data Processing Addendum

Auto-incorporated into AWS Service Terms §1.14.1 — covers all AWS-hosted data including Bedrock inference.

Download PDF →

AWS Service Terms §1.14

The clause that auto-incorporates the AWS GDPR DPA into every AWS customer agreement.

View on aws.amazon.com →

ME-TA QMS — P22 AI Usage

ME-TA's AI policy: approved tools, three-stage architecture, data classification, operator hygiene, AI Act compliance.

View on policy.me-ta.dk →

ME-TA QMS — P21 GDPR

ME-TA's GDPR policy, sub-processor register, encryption framework.

View on policy.me-ta.dk →

ME-TA DPA template

Sponsor-tailored Article 28 DPA. Sent on request — combines the main DPA and the AI-specific addendum, with sponsor entity details substituted.

Request via email →

Sub-processor list

Live sub-processor register at policy.me-ta.dk — kept current under 30-day change-notice per P21 §21.11.

View on policy.me-ta.dk →

Need a sponsor-tailored DPA?

We provide an Article 28 DPA tailored to each engagement — entity details, Annex C scope, and AI-addendum elections. Our standard turnaround for the first draft is one business day.

Email contact@me-ta.dk