Enterprise-Grade Security.
Clinical-Grade Compliance.

Built from the ground up for modern clinical trials. Your data is secure, compliant, and always available.

Regulatory Compliance

Purpose-built for the most demanding regulatory environments in healthcare.

21 CFR Part 11

FDA compliance for electronic records and signatures. Immutable audit trails, e-signatures with re-authentication, and access controls.

GDPR

EU data protection with field-level PII encryption, data subject rights support, and configurable data residency controls.

HIPAA

US Protected Health Information safeguards with encryption at rest and in transit, minimum necessary controls, and audit logging.

ICH-GCP

Full alignment with ICH E6(R2/R3) Good Clinical Practice guidelines — source data verification, risk-based monitoring, and data integrity controls.

SOC 2

Security architecture designed for SOC 2 Trust Service Criteria — security, availability, and confidentiality controls built in from day one.

ISO 27001

Information security controls aligned with ISO 27001:2022 across all four control themes: organisational, people, physical, and technological.

Seven Layers of Security

Defense-in-depth architecture ensures no single point of failure can compromise your data.

  1. Network: TLS 1.3, WAF, DDoS protection, IP allowlisting
  2. Authentication: MFA, OAuth 2.0, session management, brute-force protection
  3. Authorization: RBAC, object-level permissions, site-level data isolation
  4. Application: Input validation, CSRF protection, XSS prevention, SQL injection protection
  5. Data: Field-level PII encryption, AES-256 at rest, encrypted backups
  6. Audit: Immutable audit trails, database-level logging, access logs
  7. Monitoring: SIEM integration, anomaly detection, breach alerts

End-to-End Encryption

Your clinical data is encrypted at every stage — at rest, in transit, and in backup.

Encryption at Rest

  • AES-256 volume encryption for all database storage
  • Field-level PII encryption via pgcrypto
  • Encrypted database backups with key rotation
  • Hardware security modules (HSM) for key management
  • Argon2id password hashing with salting

Encryption in Transit

  • TLS 1.3 for all connections — no exceptions
  • HSTS with 1-year max-age and preload
  • Certificate pinning for mobile applications
  • Strict SameSite cookie policy
  • Secure, httpOnly authentication cookies

Ready to Review Our Security Posture?

Request a security assessment, review our compliance documentation, or speak directly with our security team.