Skip to main content
AboutGuideContact
Sign in / Register
Security

How we protect your data

Your research is valuable. Here’s what we do to keep it safe.

Data Protection

Security at every layer

Encryption in Transit

All connections are encrypted with TLS. Your data is protected every time it moves between your browser and our servers.

Encryption at Rest

Data stored on our servers is encrypted using AES-256. Files, images, and records are protected at rest.

Tenant Isolation

Each project’s data is logically separated at the database level. Access policies are enforced on every query.

Role-Based Access

Assign roles to team members and manage permissions at the project level. Members only see the projects they belong to.

Automated Backups

Your data is backed up automatically with point-in-time recovery. If something goes wrong, we can restore your work.

US Data Residency

All data is stored and processed in the United States on Amazon Web Services infrastructure.

Privacy

Your data stays yours

  • No selling your data

    We will never sell or monetize your research data.

  • No ad sharing or profiling

    We never share your data with advertisers or use it to profile you. The only third parties involved are the vetted providers we rely on to run the service, such as cloud hosting, bound by contract to use it solely on our behalf.

  • No AI training on your data

    We don’t use your images or research data to train our models.

  • No third-party trackers

    Our website sets no advertising or analytics tracking cookies. We measure traffic from our own server logs instead.

  • Full export

    You can export your data anytime in standard, open formats.

  • Minimal collection

    We collect only what’s necessary to provide the service.

Read our Privacy Policy →

Compliance

Built for research, not regulated work

Here’s exactly where we don’t fit today, so you can decide in a minute.

  • SOC 2 / ISO 27001

    Not certified today. SOC 2 Type II is on our roadmap.

  • HIPAA / PHI

    We don’t handle PHI or sign BAAs. If your data includes patient information, we’re not the right fit today.

  • 21 CFR Part 11 / GxP

    Not available today. If regulated workflows are critical, we’re not your fit yet.

  • GDPR

    There’s no certification to hold for GDPR, but we follow it: we honor data-subject rights (access, export, correction, deletion), use Standard Contractual Clauses for EU data transfers, and don’t sell or profile your data.

  • EU / non-US data residency

    Your data is stored and processed in the US only. We don’t offer EU or other regional residency today.

  • Offline use

    Conspecta is cloud-first and runs in the browser. There’s no offline desktop mode.

If any of these is a hard requirement for your lab, we’re honestly not the right fit yet, and we would rather say so up front than waste your time. If not, you get a modern research platform without compliance overhead you don’t need.

Questions about security?

We’re happy to discuss how we handle your data in more detail.

Get in Touch