At Recollective, the security and privacy of your research data are our top priorities. Our comprehensive Security & Privacy Overview details the rigorous measures we take to ensure the integrity, confidentiality, and availability of your information.
Download our comprehensive Security & Privacy Overview at the bottom of this page to learn more about how we protect your valuable research data.
Here’s a high-level summary of what you can expect:
Unwavering Commitment to Security
SOC 2 Compliance: We are proud to be SOC 2 Type I compliant and are actively working towards SOC 2 Type II compliance. This means our controls and processes meet stringent standards for security, availability, processing integrity, confidentiality, and privacy.
Cyber Security Program: Our cybersecurity framework includes robust risk assessments, proactive incident detection and response, secure data retention and destruction policies, and comprehensive disaster recovery and business continuity plans.
Continuous Improvement: We conduct regular internal audits and external assessments to ensure ongoing compliance and enhance our security posture.
Advanced Data Protection
Encryption: All data in transit and at rest is protected using advanced encryption protocols (TLS 1.2or later for data in transit and AES-256 for data at rest).
Access Controls: User authentication, two-factor authentication (2FA), and strict access control sensure only authorized users can access sensitive data.
Monitoring and Auditing: Our systems are monitored 24/7/365 for potential threats, and we perform regular security audits to identify and mitigate vulnerabilities.
Secure Cloud Hosting on AWS
Regional Deployment: We offer flexible deployment options across multiple geographic regions (Asia Pacific, Canada, European Union, USA) to meet your data residency requirements.
AWS Partnership: By leveragingAmazon Web Services (AWS), we ensure world-class physical and digital security measures, including SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, FISMA, FedRAMP, PCIDSS Level 1, ISO 9001, ISO 27001, and more.
Proactive Security Measures
Penetration Testing: Regular penetration tests by an independent security firm help us identify and address potential vulnerabilities.
Real-Time Monitoring: Advanced tools and services detect and respond to malicious activities in real-time, ensuring the security of our infrastructure.
Privacy by Design
GDPR Compliance: We support our customers’ compliance with the General Data Protection Regulation (GDPR) and other global privacy laws, ensuring that personal data is handled with the utmost care.
Data Processing Agreements (DPA): Our DPAs guarantee that customers can respond to data subject requests and report personal data breaches in accordance with GDPR timelines.
Privacy-First AI Solutions
Privacy-Centric AI Features: Recollective employs pre-trained AI models that exclude Personally Identifiable Information (PII) and process data using advanced encryption protocols, ensuring robust data security.
Transparency and Customer Control: Our Privacy Impact Assessment (PIA) provides full transparency about our data processing and safeguards. Customers can opt out of AI features.
Responsible AI Practices: Recollective enforces strict agreements with AI sub-processors, prohibiting data retention for model training and ensuring compliance with global privacy regulations like GDPR.
Third-Party Risk Management
Vendor Selection and Monitoring: We carefully select and continuously monitor our third-party service providers to ensure they adhere to our high standards for security and privacy.
Sub-Processor List: We transparently list all sub-processors involved in hosting or processing customer data, ensuring compliance with GDPR and other regulations.
User Authentication and AccessManagement
Defined User Roles: Clearly delineated user roles and permissions ensure secure and efficient access management.
Password Security: Robust password policies, including complexity requirements, expiration rules, and automatic account lockouts, safeguard against unauthorized access.
Why Choose Recollective?
Recollective is more than just a platform for your research needs; it is a fortress for your data. We go beyond compliance to provide a secure, reliable, and transparent environment where your research can thrive without concerns about data breaches or unauthorized access.