Client data is encrypted, access-controlled, and stored in compliance with institutional information-security standards, including ongoing audits and penetration testing.