Your IP, your work, yours alone.
Every engagement starts with the same legal foundation. The regulatory work we do for your device belongs to you, the submissions we draft go on your letterhead, and the people who touch any of it are contractually bound to confidentiality from the day they start.
- Contractual IP assignment in force from day one, covering every device-specific deliverable produced under the engagement
- Mutual confidentiality covering both parties, with binding obligations on every employee, consultant and agent who touches the work
- Predictable terms, no automatic renewals, no surprise renewal pricing
- Plain, direct contracts available to review in full before you sign
Your data, kept safe.
We handle regulated medical data, so we treat security the way regulators do, as a baseline rather than a feature. Our practices are aligned to ISO 27001, our infrastructure is reviewed by independent testers, and the legal protections sit alongside the technical ones rather than behind them.
- Customer data encrypted in transit using TLS 1.2 or higher, and at rest using industry-standard algorithms
- Role-based access controls with multi-factor authentication on every administrative account, plus logging of access and sensitive actions
- Annual independent penetration testing and continuous vulnerability scanning, with documented remediation timelines
- Information security practices aligned to ISO 27001
- Full GDPR, UK GDPR and Swiss FADP coverage through our Data Processing Agreement, including Standard Contractual Clauses for international transfers
- HIPAA Business Associate terms in place when Protected Health Information is involved
- All sub-processors listed publicly, with 14 days written notice before any change
- Personal data breaches reported without undue delay, with data deletion or return within 180 days of contract end and customer audits available on reasonable notice