Technical and Security Overview — Peopletree Group for CompleteRx

Infrastructure and Security

Technical Architecture

The platform is hosted on enterprise cloud infrastructure with a layered security model covering infrastructure, application, data, and AI processing.

🏠 Infrastructure and Hosting

The platform is hosted on AWS with multi-region redundancy. All infrastructure is managed by Peopletree Group's technical team and subject to annual third-party security audits.

AWS cloud infrastructure (multi-region)
99.9% uptime SLA
Automated backups with 30-day retention
DDoS protection and WAF enabled

🔒 Authentication and Access

Access to the platform is controlled through role-based access control (RBAC) with multi-factor authentication (MFA) required for all HR administrator accounts.

SSO support (SAML 2.0, OAuth 2.0)
MFA required for admin accounts
Role-based access control (RBAC)
Session timeout and audit logging

📄 Data Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Assessment data and personal information are stored in isolated, access-controlled environments.

AES-256 encryption at rest
TLS 1.3 encryption in transit
Data isolation per client environment
No PII shared with third-party services

🤖 AI Processing

The TAILA AI coaching assistant processes assessment data within the Peopletree Group environment. No assessment data is sent to external AI providers without explicit consent.

AI processing within Peopletree environment
No data sent to external LLM providers without consent
Responsible AI framework applied to all outputs
Human review available for all AI-generated recommendations

🔍 Monitoring and Governance

The platform includes real-time monitoring, anomaly detection, and a formal incident response process. All access events are logged and available for audit review.

Real-time security monitoring
Anomaly detection and alerting
Formal incident response process (24-hour SLA)
Full audit log available to HR administrators

⚖ Compliance

The platform is SOC 2 Type II certified, covering Security, Availability, and Confidentiality trust service criteria. Certification is maintained through annual third-party audits.

SOC 2 Type II certified (Security, Availability, Confidentiality)
GDPR compliant (EU data subjects)
CCPA compliant (California residents)
Annual third-party security audit

Roles and Responsibilities

Data Ownership and Responsibilities

The following table clarifies the roles and responsibilities for data ownership, access, and security between CompleteRx and Peopletree Group.

Area	CompleteRx Responsibility	Peopletree Group Responsibility
Data Ownership	Owns all participant data and assessment results	Processes data on behalf of CompleteRx as data processor
Access Control	Nominates HR administrator and approves participant access	Provisions accounts and enforces RBAC policies
Data Retention	Defines retention period (default: 3 years)	Applies retention policy and manages secure deletion
Incident Response	Notified within 24 hours of any security incident	Leads incident response and remediation
Compliance	Responsible for internal compliance and participant consent	Maintains SOC 2 certification and platform compliance

Technical Enquiries

For technical or security questions about the Peopletree Group platform, please contact the technical team directly. Initial enquiries can be directed through the project team.

Technical contact: rob@peopletreegroup.com

Rob Heymann, Head of Technology, Peopletree Group

Platform Security and Infrastructure

Platform Security Summary