Platform Security

Data Privacy & Security

Terac integrates rigorous cybersecurity and data privacy protocols into every stage of building and maintaining our platform. We uphold strict commitments to our customers and participants when it comes to protecting their data.

01

Compliance & Certifications

We maintain SOC 2 Type II compliance, audited annually by accredited third parties. We are actively working toward GDPR compliance as part of our data protection roadmap.

  • SOC 2 Type II audited annually
  • GDPR compliance in progress
  • Data Processing Agreements available for all customers
  • Regular third-party security assessments
02

Infrastructure & Platform Stability

Our platform is built on modern cloud infrastructure with high availability and redundancy at every layer. All data is encrypted in transit with TLS 1.3 and at rest with AES-256.

  • 99.9%+ platform uptime
  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Automated vulnerability monitoring across the entire stack
03

Access Controls & Authentication

We operate a least-privilege access model with multi-factor authentication enforced across all critical systems. Production access is granted on a just-in-time basis with full audit trails.

  • Multi-factor authentication enforced
  • Role-based access control (RBAC)
  • Just-in-time production access
  • SSO via SAML and OpenID Connect
04

Penetration Testing & Vulnerability Management

External penetration tests are carried out annually by accredited third parties. Our development team runs continuous dependency scanning and remediates findings under strict SLAs.

  • Annual third-party penetration testing
  • Continuous dependency and container scanning
  • Vulnerability remediation under strict SLAs
  • Responsible disclosure program
05

Incident Response & Monitoring

Our observability stack provides real-time monitoring and alerting across every tier of the architecture. Incident response operates 24/7 with defined severity-based SLAs.

  • 24/7 incident response with on-call rotation
  • Real-time monitoring and alerting
  • Structured incident postmortems
  • Severity-based response time SLAs
06

Application Security

Security is built into our development lifecycle. Code reviews, static analysis, and automated testing are required before any change reaches production.

  • Mandatory code review for all changes
  • Static analysis and linting in CI
  • Input validation at all system boundaries
  • Secure-by-default framework configuration
07

Security Governance

Our security governance framework covers information security policy, acceptable use, disaster recovery, and system access controls. Policies are reviewed and updated regularly.

  • Comprehensive security policy framework
  • Annual disaster recovery testing
  • Employee security awareness training
  • Regular policy review cycles
08

Participant & Expert Data Protection

Expert and participant data is protected with the same rigor as customer data. Identity verification, attestation data, and interview recordings are stored with strict access controls and encrypted at rest.

  • Encrypted storage for identity verification data
  • Granular consent management
  • Attestation data access-controlled per study
  • Interview recordings encrypted and access-logged

Questions about security?

Our team is happy to walk through our security practices, share compliance documentation, or discuss your specific requirements.

Contact UsPrivacy Policy
© 2026 All Rights Reserved by Terac