Security & Compliance

How we protect your research data

1. Data Protection

Prairie Biosciences is built with defense-in-depth security from the ground up. Every layer of the platform is designed to keep your research data safe.

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Isolated per-user workspaces, no cross-tenant data access
  • Authentication via Clerk with industry-standard JWT tokens
  • Role-based access controls on all API endpoints

2. Your Data, Your Rules

You maintain complete ownership of everything you upload and everything the platform generates from your data.

  • You retain full ownership of all uploaded data and generated results
  • Your data is never used to train machine learning models
  • Data is deletable at any time upon request, and we honor GDPR/CCPA access and deletion rights
  • We never share your data with third parties

3. Analysis Infrastructure

Every analysis runs in a fully isolated environment that is created on demand and destroyed when complete, ensuring no data leaks between sessions or users.

  • Every analysis runs in an isolated, ephemeral container
  • Containers are created on demand and destroyed after completion
  • No persistent state between analyses: a clean environment every time
  • S3-compatible object storage with per-user access controls
  • Version-controlled, reproducible analysis pipelines

4. Sub-processors

We rely on a small set of vetted infrastructure providers to operate the platform. Each processes only the data category required to deliver its function.

Sub-processorPurposeData Category
ClerkAuthentication & session managementAccount identifiers, email, auth metadata
StripePayment processing (when billing is enabled)Billing & payment details
Amazon Web Services (EC2 + MinIO)Compute & object storageUploaded research data & generated results
ML/LLM providerGene-insight scoringDerived gene/feature signals (no raw patient identifiers)

5. Operational Commitments

Beyond the technical controls above, we hold ourselves to a clear set of operational practices around where data lives, how access is tracked, and what happens if something goes wrong.

Data residency

Data is hosted in the United States on Amazon Web Services. Bring-your-own-cloud (BYOC) deployment is available for pharma partners that require their own region or tenancy.

Audit logging

Access and analysis activity is logged to support traceability and reproducibility across every pipeline run.

Breach notification

In the event of a confirmed data incident affecting your data, we commit to notifying affected customers promptly with the details we have.

Data ownership & deletion

You own everything you upload and everything generated from it. Your data is deleted on request, end to end.

6. Compliance Roadmap

We are actively working toward the formal certifications expected by regulated research environments. These are in progress. We do not claim any of them as achieved today.

SOC 2 Type II

Organization-wide security controls audit

In Progress
HIPAA

Architecture designed with HIPAA requirements in mind

Planned
21 CFR Part 11

For GxP-regulated workflows

Under Evaluation

7. Questions?

For security inquiries or compliance documentation requests, email info@prairiebiosciences.com and we'll follow up directly.