
Security & Compliance

Built for healthcare from day one. Every architectural decision reflects the regulatory requirements and trust obligations of clinical research.

Compliance at a glance

HIPAA Compliant

Infrastructure built on AWS with HIPAA-eligible services. BAAs executed with all applicable partners.

ICH-GCP Support

Designed to support ICH-GCP compliance with complete audit trails and approval workflows.

SOC 2 Type II

SOC 2 Type II certification currently in progress. Contact us for our latest compliance documentation.

No PHI Stored

No Protected Health Information is stored in the application database. The platform is designed as a zero-PHI architecture.

Infrastructure

Cloud hosting

Hosted on Amazon Web Services (AWS) using HIPAA-eligible services. Data resides in the United States.

Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Database connections use encrypted channels.

Access controls

Role-based access controls with the principle of least privilege. Multi-factor authentication for all administrative access. Access logging for audit compliance.

Data handling

No PHI is stored in the application database. Documents are processed through our AI pipeline and the outputs (plain-language summaries, indexed content) are stored without personal identifiers. Participant access is managed through anonymized access codes.

AI Guardrails

Unlike general-purpose language models, Clear Trials operates within strict, contained boundaries designed in consultation with IRB professionals.

Human review required

Every AI-generated summary and transformation is fully reviewable and editable by your team. Nothing reaches participants without explicit approval.

Document-bounded responses

The participant-facing Q&A retrieves relevant passages from your actual uploaded documents with source attribution. It cannot provide medical advice, generate content outside the scope of your documents, or make claims beyond what your materials state.

Complete audit trails

Every document transformation, every edit, and every approval is logged with timestamps and user attribution. Full audit trails are available for regulatory review.

No promotional content

The platform is designed to preserve key information — including risks and limitations — without adding promotional language, minimizing adverse events, or encouraging participation beyond what the original documents state.

Documentation & Agreements

We provide the following documentation to support your compliance review:

  • Business Associate Agreement (BAA)
  • Security questionnaire responses (SIG, CAIQ, or custom)
  • IRB support documentation for your institutional review
  • Data processing agreement (DPA)
  • Platform security architecture overview

Contact us to request any of these documents or to discuss your specific compliance requirements.

Questions about security or compliance?

We're happy to walk through our security architecture and provide documentation for your compliance review.
