Data Processors Policy

Last updated 1st July, 2020

Back to Legal Center

Categories of data subject

Types of Personal Data

Purposes of processing

User data may be processed for the provision of Services by the Provider. Participant data may be processed for the purposes of obtaining and managing their consent to take part in research carried out by the Customer.

Security measures for Personal Data

Our infrastructure runs on Heroku which is built on AWS. AWS data centre operations have been accredited under ISO27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

All data that is transmitted between the Customer, the Provider and any third parties is encrypted in transit using HTTPS TLS v1.2 encryption. Data is encrypted at rest using AES256 encryption.

All passwords are stored using the Bcrypt password hashing function.

Access to data for the Provider and its employees is on an as-needed basis only and is protected by SSO and 2FA.

Sub-processors of Personal Data