Scorch AI

Security and compliance

Trialflare is built on a foundation of trust. Every layer of the platform is designed to protect your data, your participants, and your study's integrity.

GDPR

Trialflare is fully compliant with the General Data Protection Regulation. All participant and study data is stored in UK and EU data centres. We act as data processor on behalf of the host organisation (data controller), with full data processing agreements in place. Participants have the right to access, correct, and delete their data at any time.

HIPAA

Trialflare meets the requirements of the Health Insurance Portability and Accountability Act for the protection of health information. Enterprise-grade encryption, access controls, and comprehensive audit logging ensure that protected health information is handled securely throughout the study lifecycle.

21 CFR Part 11

Trialflare supports FDA 21 CFR Part 11 requirements for electronic records and electronic signatures. This includes validated systems, complete audit trails, user authentication, electronic signature controls, and record retention. Every action in the platform is logged with timestamps, user identity, and IP address.

ICH GCP

Trialflare's study workflows, monitoring tools, and documentation are structured around the International Council for Harmonisation's Good Clinical Practice guidelines. The platform supports protocol-driven data capture, source data verification, and regulatory documentation management aligned to ICH E6 requirements.

Cyber Essentials

Trialflare holds Cyber Essentials certification, the UK government-backed scheme that covers fundamental cyber security controls. This includes secure configuration, boundary firewalls, access control, patch management, and malware protection across all systems.

Cyber Essentials Plus

In addition to Cyber Essentials, Trialflare holds the independently verified Cyber Essentials Plus certification. This involves hands-on technical testing by an accredited assessor to confirm that controls are properly implemented and effective against real-world cyber threats.

Cyber Assurance

Trialflare maintains ongoing cyber assurance practices beyond point-in-time certifications. This includes regular vulnerability assessments, penetration testing, incident response planning, and continuous monitoring to ensure security posture is maintained and improved over time.

How we protect your data

Security is not an add-on. It is built into every layer of the platform.

UK and EU data centres

All study data is stored and processed in AWS and Azure UK-based data centres, including backups. Subprocessors also operate from UK or EU-based servers.

Encryption

Data is fully encrypted in transit (between your device and our servers) and at rest (on database hard disks). Industry-grade practices are used throughout.

Access control

Role-based access control ensures team members see only what they need. Two-factor authentication and single sign-on are available for all accounts.

Audit trails

Every action is logged with timestamps, user identity, and IP address. Audit trails are immutable and available for inspection at any time.

Backups and recovery

Regular encrypted backups are maintained in UK data centres. Backup data is retained for up to 30 days following deletion from the platform.

Secure deletion

When data is deleted from Trialflare, it is deleted securely so that it cannot be recovered. We do not use deletion flags.

Questions about security?

We are happy to walk you through our security practices or provide documentation for your ethics board.
