Privacy and Cookie Statement

Last updated: 19-03-2026

Who we are

FileButler is developed and maintained by the Health Data Space Utrecht (HDSU), part of UMC Utrecht.

What we collect and why

To provide access to the platform, we process your account information (such as your username) to verify your identity and maintain your session. Authentication is handled by our own identity service; no credentials are shared with third parties.

We use a session cookie to keep you logged in. It is deleted when you log out or close your browser. We do not use tracking or analytics cookies.

For security and accountability purposes, we maintain an audit trail of actions performed on the platform. This includes your username, the actions you performed, and the timestamps of those actions.

File uploads

Files uploaded through the client application are sent directly from your local computer to the Secure Processing Environment (SPE). They do not pass through our servers. We do record metadata about each upload — such as the filename, who uploaded it, and when — for audit trail and data management purposes.

Retention

Session data is deleted at the end of your session. Account data and audit logs are retained for as long as necessary, in accordance with applicable laws and regulations.

Contact

Contact details of development team:
support@hdsu.nl

Contact details of the Data Protection Officer:
functionaris.gegevensbescherming@umcutrecht.nl