Flywheel Compliance Information and Resources

At Flywheel we understand that data privacy, security, and compliance are non-negotiable for researchers in healthcare and life sciences. We’re committed to providing our customers and partners with a platform that is engineered for the regulatory compliance your research demands.

Schedule a meeting

Secure Collaboration and Data Sharing for Imaging Research

Life Sciences Icon

Regulatory Compliance

Flywheel’s secure projects enable you to manage collaboration in compliance with IRB requirements, HIPAA, GDPR, GCP, and 21 CFR Part 11. Our re-identification tools allow you to identify and purge data for research subjects if requested. Our audit trails, digital signatures, and approval workflows ensure tracking and authorization.

Clinical Research and Imaging Research Icon

Data Privacy and Access Controls

Flywheel’s secure, access-controlled projects allow for data and algorithm sharing with internal and external collaborators. Manage privileges with a role-based permission model to ensure that only approved collaborators can access and modify data.

Clinical Research and Imaging Research Icon

Multisite Security

Our federated identity service makes it easy to invite external collaborators to your Flywheel project while ensuring proper security. Flywheel’s data curation platform is integrated with research access federations featuring 4,000 leading research institutions around the world to simplify user authentication. The federations include InCommon, EduGain, OrcID, the Australian Access Federation, and more.

Flywheel is SOC 2 Audit Certified

As a SOC 2 audited organization, our commitment to data security is paramount. By meeting these auditing criteria, we ensure that our data procedures and systems meet the highest standards of security, availability, processing integrity, confidentiality, and privacy.

Enabling Compliance with HIPAA, GDPR, 21 CFR Part 11, & GCP


Flywheel integrates de-identification in a way that meets the needs of projects with different requirements while maintaining compliance. Administrators may set custom de-identification rules that remove PHI from imaging data, EMR and more. Our de-identification options unleash the value of clinical data for your researchers.


Flywheel Core provides the functionality for users to conduct research and collect data following GDPR guidelines. We have robust and flexible features to support de-identification of data, and we also provide options that enable customers to remove a research subject’s data if requested.

21 CFR Part 11

Flywheel can provide users with a fully validated data repository with extensive functionality for secure data collection, including user access controls, audit trails, digital signatures, and the ability to de-identify data upon ingestion. Our technology provides data privacy and governance capabilities to ensure audit readiness and meet regulatory guidelines.


Flywheel offers thoroughly validated and reliable solutions for managing clinical trial data in accordance with international standards. Flywheel provides a fully configurable toolset for audit trails, data reporting, QC checks, user governance, automated de-identification, and cohort randomization. Admins may retain the ability to securely re-identify patients for data deletion.


Schedule an intro call for a 30 minute demo