At Simsurveys, protecting our clients' data is a top priority. While our platform generates synthetic, physician-level survey data only (never patient information or PHI), we maintain safeguards consistent with healthcare-grade and enterprise SaaS security standards.
Encryption in transit & at rest — All data is encrypted using industry-standard protocols (TLS/HTTPS, AES-256).
Access control — Unique accounts, role-based permissions, and multi-factor authentication protect client environments.
Monitoring & alerting — System health and availability are continuously monitored.
Confidentiality agreements — All employees and contractors operate under NDA and least-privilege access policies.
Data isolation — Client projects are logically separated to prevent cross-access.
Backups & recovery — Automated backups are securely stored and tested for restorability.
Uptime monitoring — We maintain high system availability and monitor performance 24/7.
Data validation — Synthetic datasets are checked for completeness and accuracy before delivery.
Login tracking — User authentication events are logged for accountability.
Change activity — Project-level actions (e.g., question updates, report builds, quota changes) are recorded to maintain an audit trail.
Privacy policy — A formal policy is maintained and made available to clients.
Data retention — Client project data is retained indefinitely by default, ensuring projects remain accessible.
Deletion on request — Clients may request deletion at any time, and data will be securely removed from active systems and backups within defined timelines.
While Simsurveys has not yet undergone formal certification, our practices are designed to align with leading frameworks such as SOC 2 and ISO 27001. Certification is part of our roadmap, but today we already implement the core controls these standards require.
Our team is happy to discuss our security practices and compliance posture in detail.