Cloud PlatformUser Guide
Privacy & Security
How Omics-OS Cloud protects your data
Privacy & Security
Your data security is our priority. Here's how Omics-OS Cloud protects your research.
Data Isolation
Every user session has its own isolated workspace:
- Separate S3 bucket prefix — Your files are stored in a unique location
- Session-scoped access — Only your session can access your data
- No cross-user access — Other users cannot see or access your files
your-session-id/
├── uploads/ # Your uploaded files
├── workspace/ # Analysis outputs
├── plots/ # Generated visualizations
└── exports/ # Downloadable resultsEncryption
In Transit
- TLS 1.3 — All connections to app.omics-os.com use HTTPS
- Certificate pinning — Prevents man-in-the-middle attacks
At Rest
- AES-256 encryption — All files in S3 are encrypted
- AWS KMS — Keys managed by AWS Key Management Service
- Encrypted backups — Daily backups are also encrypted
Authentication
Anonymous Sessions
- No personally identifiable information stored
- Session expires after 24 hours
- Data deleted after session expiration
Authenticated Users
- AWS Cognito — Enterprise-grade identity management
- Secure password requirements — Minimum 8 characters, complexity enforced
- Optional MFA — Two-factor authentication available
- Session tokens — Short-lived JWTs, automatically refreshed
Data Retention
| Tier | Session Data | Analysis Results | After Deletion |
|---|---|---|---|
| Trial | 24 hours | 24 hours | Immediate |
| Starter | 30 days | 30 days | 7 days grace |
| Professional | 90 days | 90 days | 30 days grace |
| Enterprise | Custom | Custom | Custom |
Right to deletion: You can request immediate deletion of all your data at any time via support@omics-os.com.
What We Don't Do
- We don't sell your data — Ever, to anyone
- We don't train AI on your data — Your analyses are not used to improve models
- We don't share with third parties — No data sharing without explicit consent
- We don't retain after deletion — When you delete, it's gone
Infrastructure Security
AWS Security
- VPC isolation — Backend runs in private subnets
- Security groups — Strict firewall rules
- No public IPs — Backend services not directly accessible
- NAT Gateway — Controlled outbound access
Access Control
- IAM roles — Principle of least privilege
- No hardcoded credentials — Secrets in AWS Secrets Manager
- Audit logging — CloudTrail logs all access
Compliance
Omics-OS Cloud infrastructure is designed for:
| Standard | Status |
|---|---|
| GDPR | Compliant |
| SOC 2 Type II | In progress |
| HIPAA | Enterprise tier only |
| ISO 27001 | Planned |
Healthcare data: If you're working with PHI (Protected Health Information), contact us for Enterprise tier with HIPAA BAA.
Responsible AI Use
LLM Interactions
- Your prompts are sent to LLM providers (currently Google Gemini) for processing
- We use API agreements that prohibit training on customer data
- No conversation data is stored by LLM providers beyond immediate processing
Bioinformatics Tools
- All analysis runs in our infrastructure, not third-party services
- Tool outputs are stored only in your session workspace
- No external data transmission during analysis
Reporting Security Issues
Found a vulnerability? Contact security@omics-os.com.
We take security reports seriously and will:
- Acknowledge within 24 hours
- Investigate promptly
- Keep you informed of resolution
- Credit responsible disclosure (if desired)
Questions?
For security-related questions:
- Email: security@omics-os.com
- Documentation: This page
- Enterprise inquiries: enterprise@omics-os.com