Trust Centre
A single place to understand how TamRx is built and operated: our security controls, infrastructure, data protection posture, AI transparency and how to report a vulnerability. We describe what is implemented today and distinguish it clearly from planned roadmap items.
- Version
- 1.0
- Effective
- 28 June 2026
- Last reviewed
- 28 June 2026
- Owner
- TamRx Ltd — Security & Compliance
1. Overview
TamRx is built for regulatory professionals, medical device and AI companies, and the organisations that work with them. We take a deliberate, proportionate approach to security and data protection appropriate to a platform handling product- and device-level regulatory information. This Trust Centre summarises our approach; the linked documents provide detail.
2. At a glance
Security
Encryption in transit, authenticated access, role-based access control on managed infrastructure, monitoring and error diagnostics.
Infrastructure
Operated on established cloud platforms — Vercel, Supabase and Google Cloud — that maintain their own recognised security and compliance programmes.
Availability
Delivered through managed, globally distributed cloud infrastructure designed for resilience. We monitor errors and performance and aim for high availability without guaranteeing uninterrupted service.
Authentication
Sign-in via Microsoft, Google or email, using our authentication provider. Credentials are not stored in plaintext by TamRx.
Encryption
Data is encrypted in transit using TLS. Data held in our managed database and storage is encrypted at rest by the underlying platform.
Data protection
We process personal data under the UK GDPR, with defined lawful bases, sub-processor agreements and data-subject rights.
AI transparency
We explain what our AI does and does not do, its limitations, and the human review every output requires.
Responsible disclosure
We welcome good-faith security reports and provide a dedicated contact for vulnerabilities.
3. Data protection
TamRx Ltd is the data controller for personal data processed through the Service. We process data in accordance with the UK GDPR and the Data Protection Act 2018, rely on defined lawful bases, and engage sub-processors under appropriate data processing agreements. The Service is designed to operate on de-identified, device- and product-level information, and we ask users not to submit identifiable patient data. Full detail is in our Privacy Policy.
4. AI transparency
The Service uses AI to assist with regulatory reasoning and document drafting. It is decision-support software, not a source of legal, medical or regulatory advice, and every output requires human review before use. Our AI Transparency Statement explains the model providers we use, the limitations of AI output, and your responsibilities.
5. Responsible disclosure
If you believe you have found a security vulnerability, please report it in good faith to security@tamrx.co.uk. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and avoid accessing or modifying data that is not yours, degrading the Service, or disrupting other users. We will acknowledge legitimate reports and keep you informed of our progress.
6. Roadmap
We are committed to strengthening our security and assurance posture as we grow. Items under consideration on our roadmap include formal security certification, expanded audit logging and retention controls, configurable data residency, automated input minimisation for special category data, and a published sub-processor change-notification process. Roadmap items are aspirational and should not be relied upon as current controls.
7. Security contact
For security and trust enquiries, including procurement and due-diligence questions, contact security@tamrx.co.uk.
