Security & Compliance
Institutional-grade security with end-to-end encryption and independently verified compliance, so your research data stays protected at every step.
Independently verified
GDPR
Compliant
Full compliance with the EU General Data Protection Regulation. We process data lawfully, provide data subject rights, and maintain records of processing activities.
SOC 2 Type II
Compliant
Independently audited for security, availability, and confidentiality. Our SOC 2 Type II report is available under NDA for institutional procurement teams.
ISO 27001
In Progress
We are actively pursuing ISO 27001 certification for our information security management system. Expected completion in 2026.
How we protect your data
Encryption at rest and in transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database backups and file storage are encrypted with platform-managed keys.
Access controls
Role-based access control with least-privilege principles. All employee access requires multi-factor authentication and is logged for audit.
Data residency
Data is stored in EU and US regions. Institutional customers can choose their preferred data residency region at onboarding.
Secure development
We follow secure SDLC practices including code review, automated vulnerability scanning, dependency monitoring, and regular penetration testing.
Data retention and deletion
You control your data. Projects and associated data can be deleted at any time. Upon account closure, all data is purged within 30 days.
Subprocessor transparency
We maintain a public list of subprocessors. Customers are notified of any changes and can object under our DPA terms.
Need more details?
We're happy to complete security questionnaires, share our SOC 2 report under NDA, or provide a Data Processing Agreement.
