Trust & Security

Security built in.
Not bolted on.

Your qual research platform should be something you can trust absolutely. We've embedded enterprise-grade security, privacy and regulatory compliance into every layer of Qualzy - from participant interaction to data analysis.

Visit Trust Centre ↗ Book a Discovery Call
ISO
27001 Certified
Information Security
AES
256-bit Encryption
at rest & in transit
3
Data Residency
Regions
ISO 27001

The international gold standard
for information security

Qualzy is proudly ISO 27001 certified - independently audited and continuously monitored. This is not a self-certification or a checklist exercise. ISO 27001 requires rigorous external audit and ongoing surveillance to maintain.

"We invested in the process globally and ultimately crossed the line following months of rigorous review led by our CIO."

The certification covers our entire information security management system: how data is handled, stored, accessed, and protected across the platform.

ISO 27001:2022
Information Security Management
  • Independently Audited
  • Continuously Monitored
  • Annual Surveillance Audits
  • Full ISMS Coverage
Certified since 2023 · Web Creator Suite LLC

For agencies working with larger organisations, meeting procurement requirements often includes demonstrating ISO 27001 compliance. Qualzy's certification means you don't have to choose between the best research tool and the one that passes procurement.

Data Security

Encrypted at rest.
Encrypted in transit.

AES-256 Encryption at Rest

All data stored in Qualzy is encrypted using AES-256 - the same standard used by governments and financial institutions worldwide. Your participants' data is protected at every layer of storage.

TLS 1.2+ in Transit

All data moving between participants, researchers, and Qualzy servers is encrypted via TLS 1.2 or higher. Every connection - from participant upload to researcher analysis - is secured in transit.

Real-Time Threat Monitoring

Always-on monitoring, firewalls, anti-malware, and regular penetration testing. Threats are detected and mitigated before they become incidents - not after. Our security posture is active, not reactive.

Global Compliance

Built for the markets you work in

Qualzy operates across the UK, US, and Australia. Our compliance programme reflects the regulatory landscape of every market we serve - so you can field research with confidence wherever your clients are.

UK & EU GDPR

Full compliance with UK and European data protection regulations. Data processing agreements available on request. Participant consent is managed within the platform, with a full audit trail.

Data Processing Agreements Available

CCPA

California Consumer Privacy Act compliant. US-based participant data is handled in accordance with CCPA requirements, including the right to know, delete, and opt out.

US Data Residency Available

Australian Privacy Act

Compliant with Australian privacy legislation. Australia-based data residency is available for projects requiring in-country data storage - critical for many government and enterprise engagements.

Australia Data Residency Available

COPPA

Children's Online Privacy Protection Act compliant. Qualzy does not permit collection of data from participants under 13 without appropriate safeguards in place, protecting both researchers and respondents.

Under-13 Safeguards in Place

HIPAA

Health Insurance Portability and Accountability Act compliant. Qualzy supports healthcare and pharma research teams with appropriate safeguards for handling protected health information.

Healthcare Research Supported
Infrastructure

World-class infrastructure.
Three regions.

Primary Hosting Amazon Web Services (AWS)
Technology Partners Google Cloud · OpenAI · Microsoft
Data Residency United Kingdom · United States · Australia

Choose where your data is hosted based on your clients' requirements. Data residency selection is available at project level - so different projects can satisfy different client obligations simultaneously.

United Kingdom
EU & UK data residency
AWS Hosted
United States
US data residency
AWS Hosted
Australia
APAC data residency
AWS Hosted

Our infrastructure partners - AWS, Google Cloud, OpenAI, and Microsoft - are each subject to their own rigorous security certifications. Qualzy sits on top of the most trusted cloud infrastructure in the world.

Access Control

The right people see
the right data

Qualzy's access model is designed for the complexity of real research engagements - where multiple stakeholders, clients, and moderator teams need different levels of visibility.

Multi-Factor Authentication

Required for all admin and researcher accounts. MFA adds a critical extra layer of protection - even if credentials are compromised, accounts remain secure.

Role-Based Access Control

Moderator, observer, recruiter, and admin roles - each with distinct permission levels. Assign the right access to the right person without sharing more than is needed.

Observer-Only Access

Client stakeholders can be given read-only observer access to live fieldwork - seeing exactly what they need without any moderator permissions. Perfect for end-client engagement during fieldwork.

Custom Permission Controls

Fine-grained permissions at project and participant level. Control exactly who can see which participants, activities, and data - down to the individual response if required.

China-Ready

Research in China, without the technical barriers

Many platforms simply don't work reliably in mainland China due to network restrictions. Qualzy operates a dedicated proxy infrastructure for China access - ensuring stable, fast connections for participants and researchers in mainland China, without requiring any special software or configuration.

"The most stable research platform"

In-country moderator working in mainland China
No speed or accessibility issues

Consistent, reliable access reported across mainland China - no VPN required for participants.

App-free, browser-based participation

Participants access via a link in any browser on any device. No app to install - critical for in-China compliance and reducing technical friction.

Privacy-compliant throughout

Data handled in compliance with relevant privacy regulations for participants in mainland China and the regions they operate in.

Trust Centre

Everything in one place:
the Trust Centre

Qualzy's Trust Centre at trust.qualzy.com is a dedicated hub for ongoing compliance documentation, security policies, audit certificates, and real-time security monitoring. Available to clients and prospects on request.

Visit Trust Centre ↗ Talk to our team