SECURITY ARCHITECTURE

Your patient data
never leaves the practice.

No cloud transfer. No external AI API. No tracking. Aescuris runs on a dedicated server in your practice — with military-grade network isolation and encrypted remote maintenance.

ARCHITECTURE

One server. Your practice.
No external connection.

PRACTICE LAN
Workstations
Tablets / Mobile
Local AI Server
Individual performance configuration
Full disk encryption active
Language Models
Database
Knowledge Base
Text Recognition
Containerization
INTERNET — UPDATES ONLY
REMOTE MAINTENANCE
Encrypted point-to-point tunnel
Server administration only — no access to internal practice LAN
No root access via remote maintenance
No port forwarding required on practice router
No scanning or access to other network devices

PROTECTION

Multi-layered security.
No single point of failure.

Local data processing

All AI models run on your server in the practice. No connection to cloud AI services. Text recognition, language processing and analysis — everything stays local.

Encryption at every level

Full disk encryption protects data at rest. Remote maintenance runs through an end-to-end encrypted tunnel. Access only with cryptographic keys — no passwords.

Network isolation

A packet filter firewall prevents the server from accessing other devices on the practice LAN. Even in case of a security incident, your network remains protected.

No telemetry

No tracking, no usage data, no analytics. We don't know how you use Aescuris — and that's by design.

Service isolation

Each service runs in its own isolated environment. Database and knowledge base are only accessible on the server itself — not on the practice network.

Secure remote maintenance

Updates and administration run through an encrypted point-to-point tunnel — no open ports on your router. Maintenance access is limited to the server, not your network.

TESTED & VERIFIED

Simulated attacks.
All blocked.

We regularly test our security architecture with simulated attack scenarios. Result: not a single vector successful.

Network attacks

  • Reach router or gateway via remote maintenance
  • Scan or ping other practice devices
  • Establish connections to internal network devices
  • Break out of service isolation

Privilege escalation

  • Disable firewall via remote maintenance
  • Gain administrator privileges
  • Manipulate or delete system files
  • View or modify security configuration

PRIVACY BY DESIGN

Not retrofitted.
Built from the ground up.

01

Minimal internet access

The server only connects to the internet for software updates and model downloads. No data traffic with external AI services — at any time.

02

Clear access hierarchy

Practice staff use the dashboard on the local network. Administrators need cryptographic keys. Security-critical changes require physical access to the device.

03

Automatic updates

Software updates are downloaded encrypted and applied automatically. Operating system updates are controlled and manually approved.

04

Physical security

The server is located in your practice. Disk encryption protects against theft. Automatic restart after power outage. Screen lock after 5 minutes of inactivity.

SECURITY CONCEPT

Detailed security concept
for your pilot practice.

Pilot practices receive the complete security concept with technical documentation.