Security & Data Handling

We take data security seriously. Every workflow is designed around confidentiality, access control, and client-specific compliance requirements.

Data Protection

Encryption: All data encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
Segregated Environments: Each project operates in isolated environments. No data is shared across client projects.
Secure Transfer: Data is transferred via secure protocols. We support client-specified transfer methods including SFTP, encrypted cloud storage, and direct API integration.

Access & Authentication

Role-Based Access Control: Least-privilege permissions enforced across all project environments.
Named Annotators: All work is performed by identified, accountable team members — not an anonymous crowd.
Audit Logging: Every annotation action, access event, and data operation is logged and available for review.

Working in Your Environment

We can operate directly inside your annotation platform — CVAT, Labelbox, Label Studio, or other client-owned tools.
When required, data never leaves your infrastructure. Our annotators access your environment via secure, controlled connections.
VPN and IP-restricted access available for sensitive projects.

Privacy & Compliance Posture

We design our workflows to support privacy-conscious data handling. We do not claim specific certifications — we adapt our operations to meet your compliance framework.

Workflows designed to support GDPR, CCPA, and HIPAA-adjacent requirements.
PII de-identification, masking, and redaction capabilities for sensitive datasets.
Data retention aligned to project contracts — we do not retain client data beyond agreed terms.
Able to complete vendor security questionnaires and adapt to client-specific data handling requirements.

NDAs & Agreements

All annotators operate under non-disclosure agreements.
Client-specific data handling agreements and BAAs available on request.
We are prepared to participate in vendor onboarding and security review processes.