Security

How we protect participant data

• All traffic is encrypted in transit (HTTPS), and data is encrypted at rest.
• Accounts are created from an approved program roster. There is no public sign-up.
• Access to participant data is restricted by role and enforced at the database layer.
• Sensitive administrative actions are recorded in an audit log.
• We rely on a small set of vetted infrastructure providers, each under a data-processing agreement.
• No third-party advertising, tracking, or analytics scripts run on participant pages.
• We monitor for errors and keep regular, encrypted backups.