Your financials and IP, handled with care
An R&D study touches sensitive data — payroll, source code, financials, and trade secrets. We treat confidentiality as a felt promise, backed by concrete, enterprise-grade safeguards.
Concrete controls — not slogans
The protections below describe how we actually handle your data.
Encryption in transit & at rest
Data is encrypted with TLS in transit and encrypted at rest — bank-level encryption applied throughout.
Least-privilege access
Access is granted on a need-to-know basis with strong authentication, so only the right people can reach your data.
Data minimization
We collect only what a study actually requires — nothing speculative — and segregate each client’s data.
Your data isn’t AI training data
Your confidential information is never used to train public or third-party AI models. It’s used only to perform your study.
Audit logging
Sensitive actions are logged, giving a reviewable record of access and activity across the platform.
Secure document handling
Documents are stored, transmitted, and processed under controlled, access-restricted workflows.
Retention & deletion
We follow a defined retention and deletion policy and can remove your data on a documented schedule.
Segregated environments
Client data is logically segregated, and production access is restricted and monitored.
AI helps us work faster — not at your privacy’s expense
AI accelerates intake, document parsing, and drafting. But it runs under governance: access is controlled, usage is metered and logged, and your confidential data is never used to train public or third-party models.
Qualification decisions, QRE amounts, and the final figures are made by people — and reviewed and signed by a licensed CPA.
Our commitments
- Your data is used only to perform your study
- No training of public/third-party AI on your data
- Least-privilege access with strong authentication
- Encryption in transit and at rest
- Defined retention and deletion
Where we are — stated honestly
We build to practices aligned with widely recognized security frameworks, and — because R&D studies involve taxpayer data — we take the safeguarding expectations that apply to tax professionals seriously, including written information-security practices.
On certifications: a formal SOC 2 examination is on our roadmap. We describe it as a commitment, not a completed certification — we won’t claim a certification we don’t hold. We also don’t claim any system is “100% secure” or “unhackable”; no one can. What we offer is rigorous, defensible safeguards and transparency about them.
Have a security questionnaire, a vendor review, or specific requirements? We’re happy to walk through our controls. Email info@ricercacredit.com.