Security & Compliance

Enterprise-grade security designed for government agencies and sensitive data handling

Certifications & Compliance

Industry-leading security certifications and regulatory compliance

Certified
SOC 2 Type II
Independently audited security, availability, processing integrity, confidentiality, and privacy controls.
Compliant
GDPR Compliant
Full compliance with General Data Protection Regulation for EU data protection and privacy rights.
Compliant
CCPA Compliant
California Consumer Privacy Act compliance with user data rights and transparency requirements.
In Progress
FedRAMP Authorized
Federal Risk and Authorization Management Program authorization for government cloud services.

Security Features

Comprehensive security measures to protect your data

End-to-End Encryption

All data in transit uses TLS 1.3 encryption. Sensitive data at rest is encrypted using AES-256.

Multi-Factor Authentication

Two-factor authentication (2FA) support with TOTP and hardware security keys for enhanced account protection.

Role-Based Access Control

Granular permission management with team-level access controls and audit logging of all user actions.

Regular Security Audits

Third-party security audits conducted quarterly. Penetration testing and vulnerability assessments performed regularly.

Data Residency

Choose a data residency location (US, EU, or Asia-Pacific) to comply with local data sovereignty requirements.

Compliance Monitoring

Continuous monitoring and automated compliance checking for GDPR, CCPA, HIPAA, and other regulatory frameworks.

Data Protection Standards

How we protect your sensitive research and policy data

Data Encryption

AES-256 encryption for data at rest, TLS 1.3 for data in transit, and secure key management with HSM.

Access Controls

Role-based access control (RBAC), team-based data segmentation, and enforcement of the principle of least privilege.

Audit Logging

Complete audit trails for all user actions, data access, and system changes with immutable log storage.

Backup & Disaster Recovery

Automated daily backups with 30-day retention, geographic redundancy, and 4-hour RTO/1-hour RPO.

Incident Response

24/7 security monitoring, incident response team on-call, and 1-hour incident notification SLA.

Data Retention

Configurable data retention policies, automated deletion, and GDPR right-to-be-forgotten support.

Regulatory Compliance

GDPR (General Data Protection Regulation)

Full compliance with GDPR requirements including data subject rights, lawful basis for processing, data protection impact assessments, and data breach notification procedures.

  • Data portability and right to be forgotten support
  • Privacy by design and default principles
  • Data Processing Agreements (DPA) available
  • Regular GDPR compliance audits

CCPA (California Consumer Privacy Act)

CCPA compliance for California residents including consumer privacy rights, opt-out mechanisms, and transparency requirements.

  • Consumer right to access personal information
  • Consumer right to delete personal information
  • Consumer right to opt out of data sales
  • Annual privacy impact assessments

FedRAMP (Federal Risk and Authorization Management Program)

FedRAMP authorization for secure cloud services used by U.S. federal agencies and government contractors.

  • NIST SP 800-53 security controls implementation
  • Continuous monitoring and compliance verification
  • Annual security assessment and authorization renewal
  • Government-approved data center locations

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA compliance for handling protected health information (PHI) in research and policy analysis contexts.

  • Encryption of PHI in transit and at rest
  • Access controls and audit logging
  • Business Associate Agreements (BAA) available
  • Breach notification procedures

Security Questions?

Our security team is available to discuss compliance requirements, certifications, and security architecture.