SOC 2 Type II Infrastructure
ISO 27001 Certified
AES-256 Encryption
99.95% Uptime SLA
At Redwood Communication, we understand that the data you share with us -- employee perspectives, organizational challenges, and strategic priorities -- is sensitive and valuable. We take the responsibility of protecting that data seriously. Our platform is built on enterprise-grade infrastructure with security at every layer, so you can focus on what matters: aligning your team and moving forward.
The Collective Intelligence Portal runs on Google Cloud Platform via Firebase, one of the most secure and reliable cloud platforms in the world. Your data benefits from the same infrastructure that protects billions of users across Google's global services.
- Hosted on Google Cloud Platform with a 99.95% uptime SLA
- Infrastructure is SOC 2 Type II audited and ISO 27001 certified
- Data centers feature 24/7 physical security, biometric access, and video surveillance
- Automatic redundancy and disaster recovery across multiple geographic regions
- Regular third-party security audits and penetration testing by Google
All data is encrypted both at rest and in transit, ensuring it remains protected whether it is being stored or transmitted between your browser and our servers.
- Data at rest is encrypted using AES-256, the same standard used by financial institutions and government agencies
- Data in transit is protected with TLS 1.2+ (HTTPS), preventing interception during transmission
- All connections are enforced over HTTPS -- unencrypted HTTP requests are automatically redirected
- Database backups are encrypted using Google-managed encryption keys
The platform uses a role-based access control model that ensures each user only has access to the data and functionality they need.
- Platform Administrator -- full access to manage projects, participants, and results
- Guest Administrator -- client-facing read-only access to monitor project progress and view results
- Participant -- limited access restricted to their assigned project's idea submission and voting activities
- Each role has strictly defined permissions enforced at the database level through Firestore security rules
Every project operates in its own isolated data environment. There is no cross-contamination between clients or projects.
- Each project's data (ideas, votes, results) is logically isolated at the database level
- Participants can only access data within their assigned project
- Guest administrators only see the projects they have been explicitly granted access to
- Firestore security rules enforce isolation at every read and write operation
We use Firebase Authentication to manage identity and access. There are no shared passwords or generic logins.
- Administrator accounts use secure email and password authentication
- Participants receive unique access tokens that are tied to their specific project and identity
- No shared passwords or generic login credentials are used anywhere in the system
- Session tokens expire automatically and are validated on every request
Your data belongs to you. We do not monetize, share, or expose your organizational data to outside parties.
- Your data is never sold to third parties
- Your data is never shared with advertisers, data brokers, or analytics companies
- We do not use your data for AI training, marketing profiling, or any purpose beyond delivering your project results
- Only authorized Redwood Communication personnel involved in your engagement can access project data
We retain your project data only as long as it is needed to support your engagement and deliver results.
- Data is retained for the duration of your engagement plus 12 months to allow for follow-up analysis and reporting
- After the retention period, data is securely deleted from all systems
- You can request deletion at any time by contacting us -- we will remove your data within 30 days of your request
- Deletion is permanent and includes all project data, participant information, and generated reports
