Enterprise-Grade Security
Protecting your lab data with industry-leading security practices and compliance certifications.
Compliance & Certifications
🏛️ SOC 2 Type II
Independently audited annually for security, availability, processing integrity, confidentiality, and privacy controls.
🏥 HIPAA Ready
Infrastructure and processes designed to meet HIPAA requirements. Business Associate Agreement (BAA) available for clinical labs.
🌍 GDPR Compliant
Data residency options in EU/US, right to erasure, data portability, and transparent data processing policies.
Data Protection
🔐 Encryption Everywhere
- In Transit: TLS 1.3+ for all connections
- At Rest: AES-256 encryption for all stored data
- Database: Encrypted database volumes
- Backups: Encrypted daily automated backups
- File Storage: Encrypted S3-compatible object storage
💾 Backup & Recovery
- Frequency: Automated daily backups
- Retention: 30 days standard, custom retention available
- RTO/RPO: 4-hour recovery time objective, 1-hour recovery point objective (maximum data loss)
- Testing: Quarterly disaster recovery drills
- Geographic: Multi-region backup replication
🛡️ Infrastructure Security
- Hosting: AWS/Azure SOC 2 certified data centers
- Network: VPC isolation, private subnets
- Firewall: Web application firewall (WAF)
- DDoS: Cloudflare enterprise protection
- Monitoring: 24/7 intrusion detection
🔍 Audit Logging
- Immutability: Write-once audit logs
- Retention: 7 years minimum (configurable)
- Coverage: Every data access and modification
- Details: User, timestamp, IP, action, before/after
- Export: Searchable, exportable for regulatory review
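The bullets above list the fields each audit record carries (user, timestamp, IP, action, before/after state) and promise write-once storage. The following is an added illustration, not the product's code, of how such records can be made tamper-evident: each record is chained to its predecessor by a SHA-256 hash, so editing or deleting a record breaks verification. The record layout, sample users, IP addresses and sample IDs are constructed for the example.

```python
"""Tamper-evident audit trail (added illustration, not the product's code).

Each record carries the fields the audit log advertises (user, timestamp, IP,
action, before/after state) and is chained to its predecessor by a SHA-256
hash, so an in-place edit or a deleted record breaks verification. Field
names, sample users, IPs and sample IDs are constructed for the example.
"""
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the very first record


@dataclass(frozen=True)
class AuditRecord:
    user: str
    timestamp: str           # ISO 8601, UTC
    ip: str
    action: str              # e.g. "sample.update"
    before: Optional[dict]   # state before the change (None for a create)
    after: Optional[dict]    # state after the change (None for a delete)
    prev_hash: str           # SHA-256 digest of the preceding record

    def digest(self) -> str:
        # Canonical JSON (sorted keys, fixed separators) so the hash is stable.
        payload = json.dumps(asdict(self), sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.records: List[AuditRecord] = []

    def append(self, user: str, timestamp: str, ip: str, action: str,
               before: Optional[dict], after: Optional[dict]) -> AuditRecord:
        prev = self.records[-1].digest() if self.records else GENESIS
        rec = AuditRecord(user, timestamp, ip, action, before, after, prev)
        self.records.append(rec)
        return rec

    def head_hash(self) -> str:
        """Digest of the newest record; keep a copy outside the log (e.g. on write-once media)."""
        return self.records[-1].digest() if self.records else GENESIS

    def verify(self, anchored_head: Optional[str] = None) -> bool:
        """Check every link in the chain and, if given, the externally anchored head hash."""
        expected = GENESIS
        for rec in self.records:
            if rec.prev_hash != expected:
                return False
            expected = rec.digest()
        return anchored_head is None or expected == anchored_head


def build_sample_log() -> AuditLog:
    """Three constructed events for one sample; not real data."""
    log = AuditLog()
    log.append("tech.jdoe", "2024-03-01T09:00:00Z", "10.20.30.40", "sample.create",
               None, {"id": "S-1001", "status": "received"})
    log.append("tech.jdoe", "2024-03-01T09:15:00Z", "10.20.30.40", "sample.update",
               {"id": "S-1001", "status": "received"},
               {"id": "S-1001", "status": "in_progress"})
    log.append("qa.asmith", "2024-03-01T12:30:00Z", "10.20.30.41", "result.approve",
               {"id": "S-1001", "approved": False}, {"id": "S-1001", "approved": True})
    return log


def _clone(log: AuditLog) -> AuditLog:
    copy_ = AuditLog()
    copy_.records = list(log.records)
    return copy_


def tamper_in_place(log: AuditLog, index: int, new_after: dict) -> AuditLog:
    """Simulate an attacker silently rewriting one record's after-state."""
    forged = _clone(log)
    forged.records[index] = replace(log.records[index], after=new_after)
    return forged


def delete_record(log: AuditLog, index: int) -> AuditLog:
    """Simulate an attacker removing one record from the store."""
    forged = _clone(log)
    del forged.records[index]
    return forged


if __name__ == "__main__":
    log = build_sample_log()
    anchor = log.head_hash()
    print("intact:", log.verify(anchor))
    print("edited middle record:",
          tamper_in_place(log, 1, {"id": "S-1001", "status": "rejected"}).verify())
    print("edited newest record, chain only:",
          tamper_in_place(log, 2, {"id": "S-1001", "approved": False}).verify())
    print("edited newest record, with anchor:",
          tamper_in_place(log, 2, {"id": "S-1001", "approved": False}).verify(anchor))
```

The chain alone catches edits and deletions in the middle of the log, but not an edit of the newest record or truncation of the tail: those only show up when the head hash is compared against a copy held outside the log. That is the role write-once storage plays; hash chaining makes tampering detectable, it does not prevent it.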
Access Control
Role-Based Access Control (RBAC)
Granular permissions by role: Lab Director, Manager, Senior Tech, Technician, QA Specialist, Viewer. Each role has precisely defined capabilities.
- View/Create/Edit/Delete permissions per module
- Approval workflows for sensitive actions
- Custom role creation for Enterprise plans
- Temporary access grants with expiration
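The RBAC description above names six roles, per-module View/Create/Edit/Delete permissions, approval workflows for sensitive actions, and time-limited grants. The following is an added example, not the product's code, of an authorization check with those properties: deny by default, permissions resolved from the role plus any unexpired temporary grants, and a two-person approval rule for sensitive actions. The exact role-to-permission matrix, the module names and the set of sensitive actions are assumptions made for the illustration; the page does not specify them.

```python
"""RBAC check with expiring grants and approval workflow (added example, not the product's code).

The role matrix, module names and SENSITIVE set below are assumptions; the page
names the roles but not their exact capabilities.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Permission = Tuple[str, str]           # (module, action)
MODULES = ("samples", "results", "qc", "users")
ACTIONS = ("view", "create", "edit", "delete")


def _perms(spec: Dict[str, str]) -> FrozenSet[Permission]:
    """Expand {"module": "vced"} shorthand (v=view, c=create, e=edit, d=delete)."""
    codes = {"v": "view", "c": "create", "e": "edit", "d": "delete"}
    return frozenset((m, codes[ch]) for m, flags in spec.items() for ch in flags)


# Assumed role matrix for the six roles the page lists.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "Viewer":        _perms({"samples": "v", "results": "v", "qc": "v"}),
    "Technician":    _perms({"samples": "vce", "results": "vc"}),
    "Senior Tech":   _perms({"samples": "vce", "results": "vce", "qc": "vc"}),
    "QA Specialist": _perms({"samples": "v", "results": "ve", "qc": "vced"}),
    "Manager":       _perms({"samples": "vced", "results": "vced", "qc": "vce", "users": "v"}),
    "Lab Director":  frozenset((m, a) for m in MODULES for a in ACTIONS),
}

# Assumed set of actions that go through an approval workflow even when the role permits them.
SENSITIVE: FrozenSet[Permission] = frozenset(
    {("results", "delete"), ("samples", "delete"), ("users", "edit")}
)


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REQUIRES_APPROVAL = "requires_approval"


@dataclass(frozen=True)
class TemporaryGrant:
    permission: Permission
    expires_at: datetime      # timezone-aware UTC; grant is dead once now >= expires_at


@dataclass
class User:
    name: str
    role: str
    grants: List[TemporaryGrant] = field(default_factory=list)


def effective_permissions(user: User, now: datetime) -> Set[Permission]:
    """Role permissions plus grants that have not yet expired. Unknown roles get nothing."""
    perms = set(ROLE_PERMISSIONS.get(user.role, frozenset()))
    perms.update(g.permission for g in user.grants if g.expires_at > now)
    return perms


def authorize(user: User, module: str, action: str, now: datetime,
              approver: Optional[User] = None) -> Decision:
    """Deny by default; sensitive actions need a second, differently named user who holds the permission."""
    perm = (module, action)
    if perm not in effective_permissions(user, now):
        return Decision.DENY
    if perm in SENSITIVE:
        if (approver is None
                or approver.name == user.name
                or perm not in effective_permissions(approver, now)):
            return Decision.REQUIRES_APPROVAL
    return Decision.ALLOW


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    tech = User("tech.jdoe", "Technician")
    tech.grants.append(TemporaryGrant(("results", "edit"), now + timedelta(hours=4)))
    print("tech edits result during grant:", authorize(tech, "results", "edit", now).value)
    print("tech edits result after expiry:",
          authorize(tech, "results", "edit", now + timedelta(hours=5)).value)
    mgr, director = User("mgr.lee", "Manager"), User("dir.kim", "Lab Director")
    print("manager deletes result alone:", authorize(mgr, "results", "delete", now).value)
    print("manager deletes result, director approves:",
          authorize(mgr, "results", "delete", now, approver=director).value)
```

Two details matter for least privilege here: the grant's expiry is evaluated at check time rather than at grant time, so a long-lived session does not outlive the grant, and the approver must independently hold the permission, so a Viewer cannot sign off on a deletion.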
Authentication & Session Management
- MFA: TOTP (RFC 6238; works with Google Authenticator, Authy, and other standard authenticator apps)
- SSO: SAML 2.0, OAuth 2.0 (Enterprise)
- Password: bcrypt hashing, complexity requirements
- Session: 8-hour timeout, secure cookies
- IP Whitelisting: Restrict access to approved source IP addresses or ranges
- Device Trust: Remember trusted devices
Development & Operations Security
Secure Development
- Secure coding training for all engineers
- Automated SAST/DAST scanning
- Dependency vulnerability monitoring
- Code review required for all changes
- Penetration testing (annual)
Deployment Security
- Immutable infrastructure
- Zero-trust network architecture
- Secrets management (HashiCorp Vault)
- Automated security patching
- Change management approval process
Incident Response
- 24/7 security operations center
- Documented incident response plan
- Breach notification within 72 hours
- Post-incident analysis and remediation
- Quarterly tabletop exercises
Data Ownership & Privacy
Your Data Stays Yours
- Ownership: You retain full ownership of your data
- Portability: Export in CSV, JSON, or database dump
- Deletion: Permanent deletion within 30 days of request
- No Training: We never use your data to train ML models
- No Sharing: Zero third-party data sharing without consent
Transparency & Control
- Clear data processing agreements
- Subprocessor list published and updated
- Data residency selection (US/EU/custom)
- On-premise deployment option (Enterprise)
- Right to audit upon reasonable request
Questions About Security?
Our security team is here to help with your specific requirements.