Regulatory Affairs
This section provides information about privacy, healthcare regulatory affairs, and certifications that may be required to meet sanitary standards across different regions of the world.
Sanitary affairs and SaMD Certification
Medical purpose softwares that are not part of a hardware device are considered SaMDs
Apps that use Wave Light APIs to measure vital signs utilize files captured on mobile devices, such as smartphones, and do not connect to medical devices regulated by health authorities fall into the category of SaMDs, which are defined as a "software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device" by the International Medical Device Regulators Forum (IMDRF).
Some countries already have specific regulations for SaMDs, you need to comply with them or other applicable legislation in force.
While existing regulations cover software components within traditional medical devices, they may not adequately account for the unique risks associated with SaMD products. Some countries require certification for product commercialization. You need to verify whether the country where you intend to operate has specific regulations for SaMDs or which legislation applies in this situation, to ensure compliance with local laws.​​
WaveLight APIs are not considered a SaMD and does not need certification, however our API customers may need certification to operate.
WaveLight APIs are not considered a SaMD under any regulation. Our company focuses on developing APIs for integration into client applications rather than directly selling to users and therefore does not need to seek a certification. However, businesses incorporating our APIs into medical or healthcare software applications need to secure the necessary certifications and classify their products according to the regulations of the country or region where they intend to market.
Our team is available to support our clients throughout the certification process with any doubts they might have or guidance they might need. Feel free to contact us for any help or assistance!
Regulatory Agencies
​
-
Brazil: The regulatory agency responsible for sanitary control of all products and services subject to sanitary surveillance is ANVISA.
-
United States: The necessary certifications are issued by the FDA (Food and Drug Administration).
-
European Union: The CE Certificate is regulated by the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR).
For more detailed information about the certification process, please refer to the links below.
Useful Links
Privacy Aspects
Privacy best practices ensure compliance with data protection laws.
Privacy aspects are fundamental to ensure that a company complies with data protection laws, safeguarding the privacy and security of user information. Companies must strictly adhere to regulations from each region in which they operate.​​
Each region has its own privacy regulations that must be carefully observed.
​Regulations such as the GDPR (General Data Protection Regulation) in Europe, HIPAA (Health Insurance Portability and Accountability Act) in the United States, and LGPD (Lei Geral de Proteção de Dados) in Brazil, must be observed in each region, to avoid regulatory issues.
Wave Light APIs are anonymous by design and don't collect protected information.
The Wave Light APIs do not collect personal or protected information. The media files and the metadata received contain only non-personal information such as height, weight, and age, which makes Wave Light APIs anonymous by design, and therefore, automatically compliant with any privacy regulation existent.
Companies that use Wave Light APIs must ensure to comply with data privacy regulations.
However, companies who develop software that collects personal information using our APIs must ensure that their products comply with applicable data protection regulations, implementing appropriate measures to protect user information and meet the legal requirements of each region where they intend to operate.