The following security measures are in place across Iguality's operations:
- Two-step verification (2FA) is enabled on all tools that support it. Where available, Single Sign-On (SSO) is used as an alternative.
- Access controls are strictly limited. Only authorised team members have access to databases, beneficiary data, and sensitive documents. Access is granted on a need-to-know basis and reviewed when team members leave or change roles.
- Data encryption is applied in transit and at rest across all primary storage tools (KSuite, Airtable, Jottacloud, Fillout).
- Regular backups are performed to prevent data loss. In the event of an incident, data recovery procedures are in place.
- All data processed through AI are anonymised. Real names and identifying details are not be entered into any AI tool. Refer to individuals as "patient", "user", or "volunteer".
- Data minimisation is applied throughout: we only collect and store what is strictly necessary for our operations.
- Data breach response: In the event of a breach, Iguality will assess the risk, notify affected individuals, and report to the relevant supervisory authority within 72 hours where required under GDPR.
For further detail, refer to our Política de privacitat.