The following security measures are in place across Iguality's operations:
- Two-step verification (2FA) is enabled on all tools that support it. Where available, Single Sign-On (SSO) is used as an alternative.
- Access controls are strictly limited. Only authorised team members have access to databases, beneficiary data, and sensitive documents. Access is granted on a need-to-know basis and reviewed when team members leave or change roles.
- Data encryption is applied in transit and at rest across all primary storage tools (KSuite, Airtable, Jottacloud, Fillout).
- Regular backups are performed to prevent data loss. In the event of an incident, data recovery procedures are in place.
- All data processed through AI are anonymised. Real names and identifying details are not be entered into any AI tool. Refer to individuals as "patient", "user", or "volunteer".
- Data minimisation is applied throughout: we only collect and store what is strictly necessary for our operations.
- Data breach response: In the event of a breach, Iguality will assess the risk, notify affected individuals, and report to the relevant supervisory authority within 72 hours where required under GDPR.
For further detail, refer to our Πολιτική απορρήτου.