Bolt

Research infrastructure you can rely on

Bolt Intelligence is built on a foundation of enterprise-grade security, regulatory compliance, and responsible AI governance. From participant data handling to platform access controls, trust is engineered in, not just bolted-on.

Go to Trust Center
Platform security

Enterprise-grade from the ground up

Bolt Intelligence has achieved SOC 2 certification, covering independently verified controls across security, availability, and confidentiality. The platform is hosted on Amazon Web Services and protected by firewall segmentation, automated intrusion detection, and continuous network monitoring. Full security documentation is available through the Trust Center.

  • SOC 2 Certified

    Independent verification of controls covering access management, data integrity, and confidentiality. Reviewed on at least an annual basis.

  • Encryption at every layer

    All data is encrypted at rest and in transit using strong cryptographic protocols (HTTPS/TLS). Encryption keys are tightly controlled and accessible only to authorized personnel.

  • Role-based access control

    Access is granted on a least-privilege basis and reviewed at least annually. Production systems require unique credentials and multi-factor authentication. Access is revoked within 24 business hours when staff departs.

  • Continuous monitoring

    Automated vulnerability scanning runs at least quarterly on externally facing systems. Independent penetration testing is conducted periodically on production infrastructure.

  • Secure development lifecycle

    Development and testing environments are segregated from production. Automated code scanning checks for common vulnerabilities and open-source library issues before deployment.

  • Incident response

    A documented incident response plan covers identification, containment, and breach notification, including mandatory GDPR notification timelines and internal escalation procedures.

Data & Privacy

How participant data is handled

Bolt Intelligence operates as both a data controller and data processor under EU GDPR and UK GDPR. A dedicated Data Protection Officer oversees compliance.

  • GDPR and UK GDPR compliant

    Participant data is collected, processed, and stored in compliance with GDPR and UK GDPR. Personal data is classified by sensitivity, with research participant data treated as Confidential and subject to the highest level of protection. Data minimization is applied by default: the platform collects only what is necessary for the stated research purpose.

  • Data retention and deletion

    Personal data is retained only for as long as necessary to fulfil the research purpose or meet legal obligations. Media files (audio, video, and webcam recordings) are retained for one year and then automatically deleted. Clients are informed before any media is used outside of research purposes. Secure disposal procedures apply to both electronic records and physical media.

  • Data processing agreements

    We provide a full data processing schedule as part of client agreements, covering roles, obligations, and the specific personal data categories processed on each project. Sub-processors and third-party vendors are assessed for security compliance before engagement, and contractual GDPR commitments are in place throughout the supply chain.

  • Data Protection Officer

    Bolt has appointed a dedicated DPO in accordance with GDPR Articles 37 to 39. The DPO oversees the company's data protection strategy and has direct oversight of compliance activities, supported by senior management including the CTO.

  • Vendor and sub-processor controls

    Bolt maintains an inventory of critical suppliers and conducts at least annual reviews. Before engaging a new sub-processor, Bolt assesses the vendor's security measures and ensures GDPR-compliant data handling commitments are in place contractually.

  • Participant rights

    Respondents retain rights under GDPR including subject access requests, rectification, and deletion. Survey content and participant responses belong to the client on whose behalf the study is conducted. Panel participant personal identifiers are never shared with Bolt by panel providers.

Full Documentation

Privacy Policy | Technical and Organizational Measures | Trust Center

Responsible AI

AI you can audit and explain

Bolt Intelligence uses AI across moderation, analysis, persona generation, and reporting. Our approach centers on evidence-backed outputs, documented limitations, and human oversight at key decision points.

  • Evidence-backed outputs

    AI-generated insights, persona responses, and analysis outputs are anchored to source data. The platform will not extrapolate beyond what the participant data supports.

  • Human review where it counts

    For study types like UX research, a hybrid approach combining AI output and human expert review is recommended and supported within the platform workflow. AI assists; researchers decide.

  • Documented limitations

    We document known AI limitations (for example, task completion verification accuracy in UX testing) and provide clear guidance on where manual review is appropriate for high-stakes decisions.

  • Behavioral analysis disclosure

    Where video or audio responses are analyzed for behavioral patterns (emotion, tone, non-verbal signals), participants are informed. This analysis is conducted solely for market research purposes and never used for identification.

IIEX Europe ExhibitorIIEX Asia Pacific SponsorIIEX North America ExhibitorMRA memberESOMAR memberG2 #1 in Customer Service