Security & Compliance

Security & Data Protection

How NoxReg protects your data and supports your compliance obligations

Infrastructure

Enterprise-grade security infrastructure

EU Data Residency

All data stored exclusively in Supabase EU West (Ireland). No data leaves the European Economic Area for storage.

Encrypted in Transit & at Rest

TLS 1.3 for all connections. AES-256 encryption at rest via Supabase's managed PostgreSQL.

Zero Trust Access

Row-level security enforced at the database layer. No employee can access subscriber data without an auditable reason.

Vercel Edge Network

Application served via Vercel's enterprise-grade global CDN with DDoS protection and automatic SSL.

AI & Data Processing

How we process data with AI

AI Processing

NoxReg uses Claude (Anthropic) to classify and summarise regulatory documents. Regulatory document text is sent to Anthropic's API. Anthropic processes data under their Data Processing Agreement. No personal subscriber data is sent to the AI model.

Sub-processors

ProviderPurpose
SupabaseDatabase, EU West
VercelHosting, global CDN
ResendTransactional email
AnthropicAI classification

Compliance

Designed for regulated environments

GDPR

Data Controller & Processor Obligations

NoxReg acts as both Data Controller (for subscriber accounts) and Data Processor (for regulatory content). A Data Processing Agreement (DPA) is available on request for Pro and Enterprise subscribers.

21 CFR Part 11

Electronic Records & Audit Trail

Audit trail logging for AI-generated records. Full generation logs including model version, prompt version, timestamp, and output hash. Available for Enterprise subscribers.

GVP Module I / PSMF

Pharmacovigilance System Documentation

A system description document is available for Pro and Enterprise subscribers to include NoxReg in their Pharmacovigilance System Master File, as required under GVP Module I.

EU AI Act

AI Content Transparency

NoxReg complies with Article 50 AI content transparency obligations. All AI-generated content — summaries, importance scores, action recommendations — is clearly labelled as AI-generated.

Documentation

Request compliance documents

Available for Pro and Enterprise subscribers. We typically respond within 1 business day.

Request DPA

GDPR Data Processing Agreement

Send request →

Request PSMF System Description

GVP Module I documentation

Send request →

Request Vendor Audit Questionnaire

GxP vendor qualification pack

Send request →

Security questions?

Our security team is available for questions, disclosure reports, and compliance inquiries.

security@noxreg.com