In-Touch Apps and the In-Touch Mobile Platform is designed for data security by default:

• In-Touch secure-provisioned devices are locked down for single-purpose use
• No private data is stored in plain text on remote devices, even when operating offline.
• Records collected by In-Touch Apps are encrypted at time of capture using public key technology, and can only be decrypted once received by the In-Touch Apps data center
• Highly sensitive data can be encrypted to your own public key, keeping it encrypted even as it passes through the In-Touch Apps data center
• In-Touch Apps Data Director allows role-based access to raw data and contact information collected from respondents
• In-Touch Apps Data Director logs all raw data downloads and activity can be reviewed by the program administrator
• True multi-tenant hosting means collected records are kept separate on a program-by-program basis; data-tier is physically separate from web-tier infrastructure
• In-Touch custom data integration services support all popular secure data transfer protocols (HTTPS/FTPS/SFTP) and PGP file encryption
• Managed data is only shared to individuals explicitly mentioned in the Project Statement of Work or Third-Party Data Sharing Agreement, with no exceptions
• In-Touch can create, manage and provision custom device images that can be audited and approved by your InfoSec team or designated third-party auditor
• Our infrastructure is vulnerability-scanned and backed up on a daily basis
• Access to production environment is restricted to designated individuals
• Development and preproduction activity occurs on a separate infrastructure