Security & Compliance

Enterprise-Grade Security

Genolith is built from the ground up for regulated industries. We maintain the highest standards of security, privacy, and compliance to protect your most sensitive genomic data.

Certifications & Compliance

We maintain certifications and compliance with major regulatory frameworks to meet the requirements of healthcare and life sciences organizations.

HIPAA Compliant
Health Insurance Portability and Accountability Act
Certified

Genolith maintains full compliance with HIPAA Security Rule requirements including administrative, physical, and technical safeguards for protected health information (PHI).

  • Business Associate Agreement (BAA) available
  • PHI encrypted at rest and in transit
  • Access controls with role-based permissions
  • Comprehensive audit logging
  • Workforce training and policies

FDA 21 CFR Part 11
Electronic Records and Signatures
Certified

Our platform meets FDA requirements for electronic records and electronic signatures, enabling use in regulatory submissions and clinical research.

  • Tamper-evident audit trails
  • Electronic signature controls
  • System validation documentation
  • Access control and authentication
  • Record retention and retrieval

SOC 2 Type II
Service Organization Control
In Progress

We are currently undergoing SOC 2 Type II certification to demonstrate our commitment to security, availability, and confidentiality controls.

  • Security controls assessment
  • Availability monitoring
  • Confidentiality safeguards
  • Processing integrity
  • Independent auditor review

GDPR Compliant
General Data Protection Regulation
Certified

Genolith complies with GDPR requirements for processing personal data of EU residents, including data subject rights and transfer mechanisms.

  • Data processing agreements
  • Data subject access requests
  • Right to erasure support
  • Data portability
  • Standard contractual clauses

Security Practices

Defense in depth with multiple layers of security controls protecting your data at every level.

End-to-End Encryption

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. MLS (Messaging Layer Security) protocol provides forward secrecy for collaborative workspaces.

Access Control

Row-level security enforces strict tenant isolation, and role-based access control (RBAC) supports custom roles and granular permissions.

Audit Logging

Every action involving PHI is logged with immutable audit trails. Logs include user identity, timestamp, action, and affected resources.

Infrastructure Security

Deployed on Google Cloud Platform with SOC 2 certified infrastructure. Multi-zone redundancy and automated failover ensure 99.9% uptime.

Vulnerability Management

Continuous security scanning, regular penetration testing, and a responsible disclosure program. Critical vulnerabilities addressed within 24 hours.

Identity Management

Multi-factor authentication (TOTP, WebAuthn), SSO/SAML integration for enterprise customers, and automated session management.

Cryptographic Verification

Zero-Knowledge Proofs for Regulatory Compliance

Genolith uses zero-knowledge cryptography to generate verifiable proofs of computational integrity. These proofs allow regulators and auditors to verify that analyses were performed correctly without accessing the underlying data.


Computational Integrity

Zero-knowledge proofs verify that off-target analyses were computed correctly without revealing the underlying sequence data.

Regulatory Evidence

Cryptographic receipts serve as immutable evidence for FDA and EMA submissions, demonstrating that results have not been tampered with.

Third-Party Verification

Proofs can be independently verified by regulators, auditors, or collaborators without access to proprietary data.

Tamper Detection

Any modification to the input data or computed results will invalidate the proof, providing immediate detection of tampering.

Data Handling

Your data, your control. We provide the tools and guarantees you need to meet your compliance requirements.

Data Residency

Choose where your data is stored. Options include US, EU, and APAC regions with guaranteed data residency.

Data Retention

Configurable retention policies. Data can be automatically deleted after analysis or retained according to your compliance requirements.

Data Ownership

You retain full ownership of your data. We process data only as directed and never use customer data for training or other purposes.

Enterprise

Need Custom Security Requirements?

Enterprise customers receive dedicated security support, custom compliance documentation, and flexible deployment options including private cloud and on-premise installations.

  • Dedicated security review
  • Custom SLA agreements
  • Private deployment options
  • BAA and custom DPAs

Security Questions?

Our security team is available to answer your questions, provide documentation, and discuss your specific compliance requirements.

For security vulnerabilities, please email security@genolith.io with details. We aim to respond to all security reports within 24 hours.