Trust, security, and compliance
How InnoEco protects your data — role-based access, escrow-protected payments, audit trails, and our compliance roadmap.
Built for high-trust life-science work
InnoEco handles sensitive research scopes and commercial transactions between clients and CROs. The platform is designed around least-privilege access, escrow-based payment protection, and a complete audit trail. Below is exactly what is live today and what we are working toward — stated honestly.
What protects your data today
Role-based access control
Every workspace is scoped by role (client, CRO, admin). Users only see the proposals, invoices, payments, and projects they own or are party to.
Escrow-protected payments
Client funds are held by InnoEco and released to the CRO only after the engagement is confirmed — payments never move directly between parties without oversight.
Auditable workflow history
Proposal, invoice, payment, and project state changes are recorded as immutable, timestamped events with the acting user for traceability.
Secure sessions
Sessions use signed, HTTP-only cookies with server-side validation and expiry. Payment webhooks are signature-verified and idempotent.
Verified payment providers
Online payments are processed through established providers (Stripe, PayPal). InnoEco does not store raw card details.
Vetted provider network
CROs complete a structured onboarding and admin review before their capabilities become discoverable for matching.
Compliance roadmap
We believe in being transparent about where we are. These standards are in progress or available on request — we do not claim certifications we have not completed.
Questions about security or a DPA?
Our team is happy to walk through our controls, share documentation, or discuss your compliance requirements.