ProofPilot How To

Trust in Privacy and Ethical Compliance

ProofPilot is committed to meeting regulatory requirements and to exceeding them where risk and ethical considerations warrant it.

Institutional Ethical Review Board (IRB)

All studies on ProofPilot must go through an IRB review process before launching to participants. An IRB is “an administrative body established to protect the rights and welfare of human research subjects recruited to participate in research activities conducted under the auspices of the institution with which it is affiliated.” This IRB review process often includes reviews of systems and procedures to ensure privacy and confidentiality of research subjects are maintained.

Organizations that have their own IRB may pass the study through that administrative process. For organizations that do not have an IRB, ProofPilot has partnered with Veritas IRB to provide a third-party review automatically.

Regulatory Environment

ProofPilot maintains a continuous review for adherence to HIPAA and CFR Part 11. ProofPilot is happy to enter into a Business Associates Agreement with any customer at the Advanced or Organizational License Level.

Because ProofPilot sends messages to participants in research studies, participants are asked, as part of the informed consent process (as reviewed by the IRB), to consent to communications through these channels. As part of our messaging strategy, ProofPilot adheres to CAN-SPAM and international equivalents.

Data Patriation

By default, all data is stored in an encrypted format in the United States. For international studies, ProofPilot can adhere to international data patriation requirements as per specific country requirements on request. Requests for storage outside Canada, the EU, Australia, Japan, South Korea, Singapore, and/or Brazil may incur additional costs.

In some cases, IRBs may make exceptions to data patriation requirements where legal regulations do not protect the data from access by government actors and thus put participants at risk. ProofPilot leaves this decision to the appropriate third-party ethical bodies and their customers.

Ethical Best Practices and Guidance

ProofPilot also adheres to ethical best practice guidance provided by the Federal Trade Commission, the Electronic Frontier Foundation, and OpenHumans when they are not in conflict with US and international regulations.

Top Tier Infrastructure Providers

ProofPilot’s platform is hosted at Amazon Web Services (AWS) data centers, which are highly scalable, secure, and reliable. AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS.

EU – US Privacy Shield Framework

ProofPilot is starting a self-certification for Privacy Shield as part of our compliance with European Union data protection requirements.