Governance & Security

Security & Compliance Framework

Every data operation we run—from AI evaluation to localization—operates within strict governance boundaries designed for enterprise procurement requirements.

Data Handling Approach

Client data never leaves controlled environments. All annotation, review, and linguistic operations run inside access-controlled sandboxes with logging, audit trails, and role-based permissions.

We do not use client data for model training, benchmarking, or any secondary purpose. Data is processed strictly for the contracted engagement scope and securely deleted upon project completion or client instruction.

Core Principles

  • No secondary data usage
  • No model training with client data
  • Encrypted transit and storage
  • Time-bound data retention
  • Audit-logged access controls

GDPR Compliance

Our European operations adhere to the General Data Protection Regulation. Personal data processing is minimized, lawful bases are documented, and data subject rights are honored across all engagement types.

Cross-border data transfers follow Standard Contractual Clauses (SCCs) and supplementary safeguards appropriate to the data sensitivity and jurisdiction involved.

Access Controls & Sandboxing

Isolated Environments

Each client project runs in a compartmentalized sandbox. Reviewers access only their assigned data scope.

Role-Based Access

Functional roles determine data visibility. Quality leads, annotators, and project managers have different access levels.

NDA Enforcement

All reviewers and operators sign project-specific NDAs before data exposure. Compliance is tracked and auditable.

QA Governance Layers

Quality is not an afterthought. Our three-tier QA escalation model (L1 execution → L2 calibration → L3 audit lock) enforces consistency across all modalities and languages.

Inter-annotator agreement metrics, blind random sampling, and decoupled quality teams ensure that no delivery payload exits our system without statistical quality validation.

L1 — In-country execution with localized policy alignment
L2 — Senior SME calibration for edge cases and ambiguity
L3 — Independent audit lock with statistical quality gate

Confidentiality & NDA Framework

Every team member — from project managers to individual annotators — operates under binding confidentiality agreements. We support client-specific NDA templates and can integrate with your existing vendor security requirements.

Certifications & Standards

Triple ISO-certified operations with enterprise-grade compliance controls.

  • ISO 17100: Translation services (certified)
  • ISO 9001: Quality management (certified)
  • ISO 27001: Information security (certified)
  • ISO 18587: Post-editing processes
  • SOC 2: Operational controls
  • GDPR: Data protection

Client Data Lifecycle

Data enters our system through encrypted channels, is processed within an isolated sandbox, undergoes governed QA validation, and is delivered via client-approved output mechanisms. Post-delivery, data is retained only per client-defined retention policy and securely purged upon expiration.

Questions about our governance approach?

Our operations team can walk through specific security requirements for your engagement.