Trial Programs Privacy & Data Security Overview

Company Commitment, Compliance, and Contact

At Avenue, we prioritize privacy and data protection. We comply with GDPR, PIPEDA, UK's DPA 2018, and relevant US laws. Lisa Ross, our VP, Experience & Tech, serves as our Data Protection Officer (DPO) to ensure our commitment to privacy.
Contact: lisa@avenuecareers.com.

Data Collection, Use, Storage, Access Control, and Data Subject Rights

We adhere to the principle of data minimization and collect personal data with explicit consent through clear and affirmative actions. The data is anonymized for generating company reports and segregated for secure handling. We employ secure platforms like Airtable and Google Sheets for data storage, accompanied by strong password policies, two-factor authentication, and adherence to the Principle of Least Privilege (PoLP) and Role-Based Access Control (RBAC). We respect the rights of individuals to access their personal data, and individuals can contact our DPO to access their saved data or request its deletion.

Data Transfer, Vendor Compliance, and Third-Party Management

We automate data transfers between applications securely using tools like Zapier, which employs advanced encryption techniques. We use SendGrid for email services, offering outbound TLS encryption where supported. We continuously review our vendors' security policies and procedures and ensure they meet our standards for data protection and privacy. Our vendors, including SendGrid, Airtable, Google, and Zapier, are committed to data privacy laws, including GDPR, UK GDPR, and CCPA.

Data Retention, Security Measures, and Pseudonymization

We remove all PII within 60 days, but we may retain non-identifiable survey data for future product development. We adopt stringent data anonymization and pseudonymization policies, complying with data protection guidelines. Robust security practices are in place, such as regular password changes, the use of two-factor authentication, and strict adherence to data anonymization and pseudonymization guidelines.

Incident and Data Breach Response

In the event of data breaches, we execute a comprehensive Incident Response Plan involving detection and analysis, containment and eradication, system recovery, and a post-incident review. Our response complies with Federal Trade Commission guidelines, and we promptly notify relevant authorities and affected individuals in alignment with GDPR, PIPEDA, UK's DPA 2018, and other applicable laws.

Training, Support, Data Processing Agreements, and Privacy Principles

Our team receives regular updates and training on our data protection policies. Users are encouraged to contact us for any data protection concerns or requests. While we don't require a Data Processing Agreement (DPA) signature from third-party vendors, we ensure their practices comply with GDPR. We uphold the principles of 'Privacy by Design' and 'Privacy by Default,' ensuring automatic protection of personal data across any IT system, service, product, or business practice.

Data Transparency

We are committed to understanding and implementing the best practices for data protection and privacy. We provide users with a clear understanding of how their data is collected, used, and protected. We commit to collecting only necessary data and consistently reviewing our data management processes to enhance transparency.