Data Processors Policy
Last updated 1st July, 2020
Categories of data subject
Types of Personal Data
- First name
- Last name
- Email address
- IP address
Purposes of processing
User data may be processed for the provision of Services by the Provider. Participant data may be processed for the purposes of obtaining and managing their consent to take part in research carried out by the Customer.
Security measures for Personal Data
Our infrastructure runs on Heroku which is built on AWS. AWS data centre operations have been accredited under ISO27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
All data that is transmitted between the Customer, the Provider and any third parties is encrypted in transit using HTTPS TLS v1.2 encryption. Data is encrypted at rest using AES256 encryption.
All passwords are stored using the Bcrypt password hashing function.
Access to data for the Provider and its employees is on an as-needed basis only and is protected by SSO and 2FA.