Security at TrialForge

Last Updated: July 19, 2026

TrialForge is a clinical trials intelligence platform built on public registry data and our own proprietary classifications. Our security posture is light by design: we hold no patient data, no protected health information, and no payment card data, and we keep only the limited customer data needed to run the product. Your data is never sold, never shared with other customers, and never used to train models.

Encryption and access

Customer data is encrypted in transit and at rest, access follows least privilege, and the platform runs behind enterprise edge protection. Any payments are handled by a PCI compliant processor, so card details never touch our systems.

AI

TrialForge uses commercially licensed foundation models under enterprise API terms. We do not train or fine-tune models on your data, and our AI providers are contractually prohibited from training on it. Your questions are confidential and never exposed to other customers. AI-generated classifications are validated against fixed category schemas, with low-confidence cases routed to human review.

Compliance

We publish our roadmap honestly. TrialForge is pre-audit today, with a data posture that is genuinely light: public registry data, no protected health information. We begin a SOC 2 Type 1 engagement when our first enterprise contract requires it, with Type 2 to follow. Completed CAIQ and SIG Lite security questionnaires, and our Data Processing Agreement with the current subprocessor list, are available on request. For how we handle personal data, see our privacy policy.

Frequently asked questions

Does TrialForge store patient data or protected health information?

No. TrialForge is built on public clinical trial registry data. We hold no patient data and no protected health information, and any payments are processed by a PCI compliant provider, so card details never touch our systems.

Do you use my data to train AI models?

No. We do not train or fine-tune models on your data, and our AI providers are contractually prohibited from training on it. Your questions stay confidential and are never exposed to other customers.

Is TrialForge SOC 2 certified?

We are pre-audit today, by design: we handle public registry data with no protected health information, so our risk is genuinely lighter. We begin a SOC 2 Type 1 engagement when our first enterprise contract requires it, with Type 2 to follow.

How is my data protected?

Customer data is encrypted in transit and at rest, access follows least privilege, and the platform runs behind enterprise edge protection.

Can I get your security documentation?

Yes. Completed CAIQ and SIG Lite questionnaires, and our Data Processing Agreement with the current subprocessor list, are available on request at support@trialforge.app.

Contact

Security questions and vulnerability reports: support@trialforge.app.

See how teams across biopharma defend their next pipeline call with TrialForge

Book a demo