Security
Steradian is built for sensitive leadership input. We follow industry-standard practices for infrastructure hardening, encryption, access control, and anonymized reporting. We do not hold SOC 2, ISO 27001, or other third-party compliance certifications at this time.
Infrastructure
- AWS cloud hosting — Application and database run on Amazon Web Services in the United States.
- TLS 1.2+ in transit — All traffic to the platform is served over HTTPS with modern TLS configuration.
- Encryption at rest — Production data is stored in Amazon RDS with encryption at rest enabled.
Access & audit
- Role-based access — Platform, company, and campaign permissions limit who can view raw responses, run diagnostics, and administer accounts.
- Audit logging — Security-relevant events (authentication, administrative actions, and flagged activity) are logged for investigation and review.
- Session security — Production sessions use signed, HTTP-only cookies over HTTPS.
Reporting & anonymity
- Min-n thresholds — Team-level reports and analytics require minimum participation before aggregate results are shown, so individual responses cannot be inferred from small groups.
- Aggregate reporting — Executive reports surface team-level signals and discussion prompts; individual responses are not displayed as attributable to a person.
Data retention
Free trial: no credit card required. After 30 days, your data remains accessible in read-only mode for 90 days while you decide on a paid plan — consistent with our pricing page. Paid customers retain access for the duration of their subscription; deletion requests are handled per our Privacy Policy.
Security questions
For security inquiries, vendor questionnaires, or responsible disclosure, contact security@steradianinsights.com. For general product questions, use Contact.
Last updated: June 2026