Trialflare is built on a foundation of trust. Every layer of the platform is designed to protect your data, your participants, and your study's integrity.
Trialflare is fully compliant with the General Data Protection Regulation. All participant and study data is stored in UK and EU data centres. We act as data processor on behalf of the host organisation (data controller), with full data processing agreements in place. Participants have the right to access, correct, and delete their data at any time.
Trialflare meets the requirements of the Health Insurance Portability and Accountability Act for the protection of health information. Enterprise-grade encryption, access controls, and comprehensive audit logging ensure that protected health information is handled securely throughout the study lifecycle.
Trialflare supports FDA 21 CFR Part 11 requirements for electronic records and electronic signatures. This includes validated systems, complete audit trails, user authentication, electronic signature controls, and record retention. Every action in the platform is logged with timestamps, user identity, and IP address.
Trialflare's study workflows, monitoring tools, and documentation are structured around the International Council for Harmonisation's Good Clinical Practice guidelines. The platform supports protocol-driven data capture, source data verification, and regulatory documentation management aligned to ICH E6 requirements.
Trialflare holds Cyber Essentials certification, the UK government-backed scheme that covers fundamental cyber security controls. This includes secure configuration, boundary firewalls, access control, patch management, and malware protection across all systems.
In addition to Cyber Essentials, Trialflare holds the independently verified Cyber Essentials Plus certification. This involves hands-on technical testing by an accredited assessor to confirm that controls are properly implemented and effective against real-world cyber threats.
Trialflare maintains ongoing cyber assurance practices beyond point-in-time certifications. This includes regular vulnerability assessments, penetration testing, incident response planning, and continuous monitoring to ensure security posture is maintained and improved over time.
Security is not an add-on. It is built into every layer of the platform.
All study data is stored and processed in AWS and Azure UK-based data centres, including backups. Subprocessors also operate from UK or EU-based servers.
Data is fully encrypted in transit (between your device and our servers) and at rest (on database hard disks). Industry-grade practices are used throughout.
Role-based access control ensures team members see only what they need. Two-factor authentication and single sign-on are available for all accounts.
Every action is logged with timestamps, user identity, and IP address. Audit trails are immutable and available for inspection at any time.
Regular encrypted backups are maintained in UK data centres. Backup data is retained for up to 30 days following deletion from the platform.
When data is deleted from Trialflare, it is securely erased so that it cannot be recovered. We do not use deletion flags.
We are happy to walk you through our security practices or provide documentation for your ethics board.