Security, Privacy & Regulatory Readiness

Skaldi stores customer data in secure, logically isolated environments with layered security controls.

Core security measures include:

• •Encryption of data in transit and at rest
• •Role-based access controls
• •Logical isolation between customer environments
• •Restricted administrative access
• •Continuous monitoring of infrastructure and access activity

Security controls are designed to support enterprise clinical workflows while minimizing unnecessary data exposure.

Protecting the confidentiality of clinical and regulatory data is fundamental to Skaldi's operation.

• •Customer data is never shared between tenants
• •Clinical content generated for one customer is not reused for others
• •Access to data is limited to authorized users within each organization
• •Customer data is processed solely to deliver the Skaldi service

Skaldi does not sell, license, or otherwise monetize customer data.

Skaldi uses AI systems to assist with the drafting, structuring, and consistency validation of clinical documentation.

Key principles of AI usage:

• •AI processing is performed via secure enterprise-grade APIs
• •Inputs are processed transiently to generate outputs
• •Customer data is not used to train public foundation models
• •No cross-customer learning or content reuse occurs

AI functions as an assistive capability within controlled workflows. Final responsibility for document content remains with the customer.

Skaldi is designed to support documentation workflows aligned with established clinical research standards and regulatory expectations, including:

• •ICH-GCP principles (including ICH E6)
• •FDA clinical research documentation expectations
• •EMA clinical trial guidance
• •Audit-ready documentation practices

The platform focuses on consistency, traceability, and review readiness, not on replacing regulatory or medical judgment.

Skaldi supports internal review and regulatory audit processes through:

• •Role-based access management
• •Document version history
• •Change tracking with user attribution
• •Structural consistency across related documents

These capabilities are intended to support quality management and regulatory submissions.

Skaldi is built with enterprise compliance requirements in mind.

• •Security architecture and internal controls are designed to align with SOC 2 principles
• •The platform is progressing toward SOC 2 Type II readiness
• •Data handling practices are designed with GDPR considerations in mind

Formal certifications are pursued as the platform scales and in coordination with enterprise customers.

Skaldi is intended for use by qualified clinical, medical, and regulatory professionals. The platform does not provide medical advice and does not replace professional judgment, regulatory review, or sponsor responsibility.

Organizations with additional security or compliance requirements are encouraged to contact us to review Skaldi's architecture, controls, and roadmap.