Data Security

Encryption

All personal data is encrypted in transit using TLS and at rest using industry-standard ciphers. Encryption keys are managed within the EU.

Access controls

Role-based access is required for every authorized user. Privileged actions are subject to multi-factor authentication.

Audit logging

Report access, modification, and disclosure events are logged for compliance review by the contracting facility.

Incident response

Security incidents involving personal data are notified to the contracting facility and to the relevant data-protection authority in accordance with GDPR Article 33.

Backup and continuity

Backups are encrypted and stored within EU jurisdiction. Continuity procedures are reviewed periodically.