Security


How we protect our servers and your data.

Introduction

As an application processing unpublished genome databases, we recognize the importance of great security practices.

This document covers our security practices and policies. If you are interested in the data we collect and store, please see our privacy policy.

General practices

Access to servers, source code, tools and services is secured with multi-factor authentication.

We use strong, randomly-generated passwords that are never re-used.

Access to production systems is given to employees and contractors only when absolutely necessary to help our customers with support issues and provide high-quality services. All access is closely monitored and logged to ensure customer privacy.

We update code dependencies whenever a known security vulnerability is announced. This is done using automated security vulnerability detection tools.

We run periodic Zed Attack Proxy (ZAP)® pentests against our systems to ensure there are no exploitable security issues. We aim to have zero CRITICAL and HIGH level vulnerabilities across all our systems.

You can download our latest report here.

Authentication

User authentication is handled by encrypted session cookies with login links sent to your email address.

Single Sign On integration with the customers’ authentication system is available upon request.

User audit

A detailed audit of user actions can be enabled upon request for admins in organizations dealing with particularly sensitive data.

Encryption

All web traffic is encrypted using TLS 1.2 or better, with certificates managed and periodically updated by AWS Cloud.

User-uploaded databases and queries are stored in a file system that is encrypted at rest as well as during transfers between the file system and the servers.

Network

All systems are hosted inside a Virtual Private Cloud, with only necessary ports open to access our products.

Fully Isolated Servers

Customers who need an extra layer of security can have their instances hosted on fully isolated cloud infrastructure dedicated to them.

Responsible disclosure and questions about security

For any questions regarding our security, or to report a security issue, please contact contact@sequenceserver.com