Security & Compliance
How we protect your research data
1. Data Protection
Prairie Biosciences is built with defense-in-depth security from the ground up. Every layer of the platform is designed to keep your research data safe.
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Isolated per-user workspaces, no cross-tenant data access
- Authentication via Clerk with industry-standard JWT tokens
- Role-based access controls on all API endpoints
2. Your Data, Your Rules
You maintain complete ownership of everything you upload and everything the platform generates from your data.
- You retain full ownership of all uploaded data and generated results
- Your data is never used to train machine learning models
- Data is deletable at any time upon request, and we honor GDPR/CCPA access and deletion rights
- We never share your data with third parties
3. Analysis Infrastructure
Every analysis runs in a fully isolated environment that is created on demand and destroyed when complete, ensuring no data leaks between sessions or users.
- Every analysis runs in an isolated, ephemeral container
- Containers are created on demand and destroyed after completion
- No persistent state between analyses: a clean environment every time
- S3-compatible object storage with per-user access controls
- Version-controlled, reproducible analysis pipelines
4. Sub-processors
We rely on a small set of vetted infrastructure providers to operate the platform. Each processes only the data category required to deliver its function.
| Sub-processor | Purpose | Data Category |
|---|---|---|
| Clerk | Authentication & session management | Account identifiers, email, auth metadata |
| Stripe | Payment processing (when billing is enabled) | Billing & payment details |
| Amazon Web Services (EC2 + MinIO) | Compute & object storage | Uploaded research data & generated results |
| ML/LLM provider | Gene-insight scoring | Derived gene/feature signals (no raw patient identifiers) |
5. Operational Commitments
Beyond the technical controls above, we hold ourselves to a clear set of operational practices around where data lives, how access is tracked, and what happens if something goes wrong.
Data is hosted in the United States on Amazon Web Services. Bring-your-own-cloud (BYOC) deployment is available for pharma partners that require their own region or tenancy.
Access and analysis activity is logged to support traceability and reproducibility across every pipeline run.
In the event of a confirmed data incident affecting your data, we commit to notifying affected customers promptly with the details we have.
You own everything you upload and everything generated from it. Your data is deleted on request, end to end.
6. Compliance Roadmap
We are actively working toward the formal certifications expected by regulated research environments. These are in progress. We do not claim any of them as achieved today.
Organization-wide security controls audit
Architecture designed with HIPAA requirements in mind
For GxP-regulated workflows
7. Questions?
For security inquiries or compliance documentation requests, email info@prairiebiosciences.com and we'll follow up directly.