Security & Compliance
Protecting your research data is our priority
Our Security Commitment
At Pipette.bio, we understand that your research data is valuable and often sensitive. We've built our platform with security as a foundational principle, not an afterthought. Our infrastructure is designed to protect your data while giving you the tools to perform cutting-edge bioinformatics analysis.
Encryption at Rest
All data stored on our platform is encrypted using AES-256 encryption, the same standard used by financial institutions and government agencies.
Encryption in Transit
All data transmitted to and from Pipette.bio is protected with TLS 1.2+ encryption, ensuring your data is secure during transfer.
Serverless Infrastructure
Analyses run on AWS Fargate serverless containers that automatically scale and terminate after use, minimizing data exposure windows.
Access Controls
Each account has private access to its own data and analyses. Your research data is only accessible to you.
Analysis Provenance
Every analysis generates a complete record of inputs, parameters, and outputs, ensuring reproducibility and transparency in your research.
Secure Deletion
When you delete data, it's permanently removed from our systems. Temporary analysis files are automatically purged after processing.
Infrastructure
Pipette.bio is built on Amazon Web Services (AWS), leveraging their world-class security infrastructure. We use AWS Fargate for serverless compute and RDS for managed databases. AWS data centers maintain multiple compliance certifications and undergo continuous security audits.
- Data Location: All data is processed and stored in the AWS US-East region
- Compute: AWS Fargate serverless containers for analysis workloads
- Database: AWS RDS with automated backups and encryption
- Storage: AWS S3 for research data with server-side encryption
- Network Security: Private VPC with strict firewall rules
Compliance Status
We are committed to meeting the compliance requirements of research institutions and enterprise customers. Below is our current compliance status:
| Framework | Status | Details |
|---|---|---|
| GDPR | Compliant | Full compliance with EU data protection requirements. Data processing agreements available. |
| CCPA | Compliant | California Consumer Privacy Act compliance for US users. |
| AWS Security Best Practices | Implemented | Following AWS Well-Architected Framework security pillar guidelines. |
| HIPAA | Contact Us | For healthcare research data requirements, please contact us to discuss your needs. |
| SOC 2 Type II | Planned 2027 | SOC 2 audit planned for enterprise customers. |
Data Handling Practices
What We Access
- We access your data only to provide the analysis services you request
- Support staff may access data only with your explicit permission to troubleshoot issues
- We never sell, share, or use your research data for purposes other than providing our service
AI and Your Data
- Your research data is not used to train our AI models
- Conversations with our AI agent are processed to provide analysis but are not used for model training without consent
- You retain full ownership of all analysis outputs and results
Data Retention
- Research data (S3): Stored until you choose to delete it—you control retention
- Compute containers: Analysis environments automatically terminate after 8 hours maximum
- Account deletion: All data permanently removed upon request
Responsible Disclosure
We welcome security researchers to help us improve. If you discover a security vulnerability, please report it responsibly by emailing info@pipette.bio. We commit to:
- Acknowledging receipt within 48 hours
- Providing regular updates on our investigation
- Not pursuing legal action against good-faith researchers
- Crediting researchers who help us improve (with permission)
Questions About Security?
Our team is happy to discuss our security practices and answer any questions.
For enterprise security reviews or compliance documentation, contact us at info@pipette.bio.