Compliance & Security
Built for regulated industries with enterprise-grade security
Your data security is our priority
Our Compliance Framework
TrainBox is designed with compliance at its core, meeting the rigorous standards required by life sciences and regulated industries.
Data Protection
We comply with GDPR and other applicable data protection regulations, ensuring your personal and training data is handled responsibly.
Security Standards
Our platform implements industry-leading security measures including encryption, access controls, and regular security audits.
Industry Compliance
Designed with life sciences and regulated industries in mind, our platform supports compliance with pharmaceutical and healthcare training requirements.
Infrastructure
Hosted on enterprise-grade cloud infrastructure with high availability, disaster recovery, and data redundancy built in.
Security Measures
We implement comprehensive security measures to protect your data and ensure the integrity of our platform.
Security Certifications & Standards
ISO 27001 Aligned
Information security management practices
GDPR Compliant
Full compliance with EU data protection regulations
SOC 2 Type II
Third-party audited security controls
UK Data Protection Act 2018
Compliant with UK data protection requirements
Your Data Rights
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data.
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data in certain circumstances
Right to Restriction
Request limitation of processing of your personal data
Right to Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing of your personal data for certain purposes
To exercise any of these rights, please contact our Data Protection Officer at privacy@trainbox.ai
Data Processing & Storage
Where We Process Data
TrainBox processes and stores data primarily within the United Kingdom and European Economic Area (EEA). Where data is transferred outside these regions, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
Sub-Processors
We work with carefully selected third-party service providers (sub-processors) to deliver our Services. All sub-processors are bound by data processing agreements that meet GDPR requirements. A list of our current sub-processors is available upon request.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Training data and performance metrics are retained for the duration of your subscription plus a reasonable period to allow for data export requests. Specific retention periods can be discussed and customised as part of enterprise agreements.
AI Training Data
By default, TrainBox does not use customer training sessions to train our AI models without explicit consent. Enterprise customers have full control over whether their anonymised data may be used to improve the platform. Any such data is aggregated and anonymised before use.
Life Sciences Compliance
TrainBox is built to support the unique compliance requirements of pharmaceutical, medical device, and healthcare organisations.
Training Documentation
- Complete audit trail of all training activities
- Timestamped completion records
- Exportable training records for compliance audits
- Integration with Learning Management Systems (LMS)
Content Control
- Review and approval workflows for training scenarios
- Version control for training content
- Configurable guardrails for AI responses
- Custom compliance rule sets per organisation
Get in touch
Ready to explore how TrainBox can help your team? Fill out the form and we'll be in touch within 24 hours.