Compliance

The data privacy regulations we take seriously and how we handle them

We do not hold formal certifications such as SOC 2 or ISO 27001 at this stage. What we do is take applicable data privacy laws seriously and build our platform in a way that respects your rights and keeps your data safe.

Applicable Regulations

GDPR

General Data Protection Regulation (European Union)

GDPR is the EU law that governs how personal data of EU residents must be collected, stored, and processed. As a platform used by researchers in the EU, we take our obligations under GDPR seriously. This includes maintaining a lawful basis for processing your data, respecting your rights to access and deletion, and ensuring your data is not shared or sold. Our full obligations are described in our Privacy Policy.

CCPA

California Consumer Privacy Act (California, United States)

CCPA gives California residents specific rights over their personal data, including the right to know what data we hold, the right to request deletion, and the right to opt out of any sale of personal information. We do not sell personal data. California residents can exercise their rights by contacting us directly.

What we actually do

These are the concrete measures in place in the current version of Paraclyst.

  • Comprehensive audit trails and activity logging on all data changes
  • Role-based access control so users only see what they are permitted to
  • Data encrypted in transit via TLS and at rest by our database provider (Supabase)
  • Row-level security policies ensuring each user can only access their own organisation's data
  • No sale or sharing of personal data with third parties for marketing purposes
  • Data deletion available on request in accordance with GDPR and CCPA rights

Questions about your data?

If you want to know what data we hold about you, request deletion, or have any compliance-related questions, read our Privacy Policy or contact us directly.