Designed for regulated workflows.


Our posture is “designed to”, not “certified for”. We’re specific about what we do and deliberate about what we don’t claim.

Data handling

  • AWS S3 for document and dataset storage, with encryption at rest, versioning, and access logs
  • Relational database (PostgreSQL on AWS RDS) deployed in a private subnet
  • Credentials managed via AWS Secrets Manager

Access

  • Per-project permissions: users see only the trials they’re assigned to
  • Audit trail on every read and every write

LLM data policy

  • Clear statement of which models process which data (provided to every customer during onboarding)
  • We do not train or fine-tune models on customer content, and we do not retain training data derived from it
  • Model selection is configurable per tenant
  • External LLM calls can be disabled per tenant on request

Standards we design to

  • ICH E3 — structure and content of clinical study reports
  • CDISC SDTM and ADaM — clinical-data standards for analysis and submission
  • 21 CFR Part 11-aware audit trails
  • GDPR-aware data handling

These are design orientations. We’re happy to walk through the specifics with your security and quality teams during evaluation.

Deployment options

  • SaaS (default): multi-tenant deployment on AWS
  • Private-tenant deployment on request: isolated infrastructure within our AWS account, or within yours via a managed arrangement

Sub-processors

  • Anthropic (LLM)
  • OpenAI (LLM, embeddings)
  • Amazon Web Services (hosting, storage, database, email)

Security contact

Vulnerability reports, security questionnaires, or data-handling clarifications: chintan@arjuntech.com.