Skip to main content
Customers use the Seal Platform to capture and securely store sensitive research data, including the data that drives new discoveries and patented product development. Seal respects the sensitivity of such data, and so ensures that systems and procedures are in place for maintaining data in a secure manner. Seal does not access customer data except when required for implementation and support. Any data accessed for these purposes is removed from internal systems once the work is complete.

GDPR considerations

GDPR imposes strict rules on how personal data is collected, stored, and processed. Any type of data that can be linked to an identifiable individual — such as names, email addresses, IP addresses, or even device identifiers — falls under GDPR’s regulations, if it pertains to EU residents. It is worth noting that GDPR places additional restrictions on certain categories of personal data which are considered more sensitive. The sensitive nature of these categories mandate for stronger controls to safeguard individual privacy. See the GDPR official text for more information.

Confidentiality scope and agreement

Pre implementation and onboarding, expectations are set out regarding data confidentiality and privacy between the Data controller and Data processor.
  • Data controller: the customer, who may be tied to other contractual agreements with other organisations
  • Data processor: Seal
As an example, the data controller will need to identify various types of information, such as (but not limited to):
  • Personal data and data subjects: this includes information that relates to individuals or groups who can be directly or indirectly identified
  • Data processing: any action that will be performed on the data, whether automated or manual
  • Purpose limitation: processing of data for legitimate purposes according to what is defined by the data controller
  • Storage limitation: storage of data for as long as necessary for the specified purpose
  • Laws under which the data is governed under
If necessary, a Data Processing Agreement (DPA) may be drafted. This agreement will rely on transparency from both the data controller and processor to understand their obligations under data protection regulations.

Configuring the Seal Platform

During the implementation phase, customers may also utilize anonymized or dummy data to test workflows, integrations, and functionality without exposing real, sensitive information. This approach allows you to validate configurations and train users without exposing real data.
  • Anonymized data -> mirrors actual data structure but removes any personal identifiers
  • Dummy data -> generated to simulate typical user inputs or transactional information.
By using the above data types, customers can confidently validate configurations, troubleshoot potential issues, and conduct user training sessions without potentially risking data security. Seal processes personal data only on behalf of customers and according to their instructions. Customers are responsible for ensuring that any data shared complies with applicable regulations.

Post implementation support

Customers maintain full ownership and oversight of their data within the Seal Platform. During support, or when further configuration assistance is required, customers should grant access permissions to the Seal Team to enable Seal Support to view or interact with the platform, for troubleshooting purposes.

Data protection

Seal complies with applicable data protection laws and can provide documentation for privacy assessments and audits. Additional security controls are available on request. See Data storage and security and Backup and disaster recovery for more information.
Any questions or privacy inquiries?Email [email protected].