Security & privacy by design

Trust is built into every layer of the genomic data stack.

Omics AI is engineered to connect, protect, and unlock omics and health data. It keeps sensitive data secure, sovereign, and compliant across global federated networks.

Our approach

Health data is large, sensitive, and regulated. We treat it that way.

Every Omics AI product is built with security and privacy at its core. Our federated architecture lets you make AI powered discoveries across distributed datasets without ever moving the data, while staying aligned to international standards and regulations.

Compliance & certifications

Independently audited. Globally aligned.

Our controls are validated against recognized frameworks across the United States, Europe, and Canada.

AICPA SOC 2 for Service Organizations
SOC2 Type 2

Independently audited against the AICPA Trust Services Criteria for security, availability, and confidentiality.

HIPAA
HIPAA

Controls aligned to the HIPAA Privacy and Security Rules for safeguarding protected health information.

GDPR
GDPR

Processing practices aligned to the EU General Data Protection Regulation, including DPAs and data-subject rights.

PIPEDA — Personal Information Protection and Electronic Documents Act
PIPEDA

Aligned to Canada’s Personal Information Protection and Electronic Documents Act.

Global Alliance for Genomics and Health (GA4GH)
GA4GH

Omics AI implements standards from the Global Alliance for Genomics & Health, keeping your data portable and vendor neutral.

See our controls in real time.

Our live trust portal shows current control status, certifications, and subprocessors, monitored continuously.

View live status
Security at every layer

Controls that protect data end to end.

From encryption and access control to continuous monitoring and a federated, zero data movement model.

lock
Encryption everywhere

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) across every product and environment.

key
Identity & access control

Role based access, SSO and SAML, and least privilege rules govern who can reach data and systems.

graph_5
Federated by design

A zero data movement model keeps sensitive data inside its source environment. Compute and AI move to it.

monitoring
Monitoring & audit trails

Continuous monitoring, logging, and alerting capture every access event across infrastructure and data.

shield_lock
Hardened infrastructure

Segregated environments, routine vulnerability scanning, and penetration testing keep infrastructure resilient.

health_and_safety
Responsible disclosure

A published disclosure policy and a clear reporting channel let researchers flag concerns responsibly.

Data protection

Zero data movement.

Sensitive data stays inside its source environment. Compute and AI move to the data, so you unlock insights across distributed datasets without ever transferring or duplicating them.

check_circle

Data stays in place

No copying, no transfers. Sensitive datasets never leave their governed source environment.

check_circle

Compute moves to data

Analysis and AI run where the data lives, under the data custodian’s own controls.

check_circle

Insights, not exposure

Only approved, aggregated results leave the boundary. Everything is enforced by policy and fully audited.

Built for regulated research

Ready for the most demanding programs.

From national biobanks to clinical and pharma workflows, Omics AI is built to satisfy auditors, regulators, and data custodians.

lock
Data residency & sovereignty

Deployments can be scoped to a region or jurisdiction so data stays where the law requires.

key
Audit trails & accountability

Every access and action is logged, attributable, and exportable for audit and review.

graph_5
Consent & access governance

Request and approve workflows enforce consent and least privilege on every dataset.

monitoring
GxP-ready & Part 11 aligned

Controls and documentation support GxP workflows and 21 CFR Part 11 expectations.

Documents & resources

Everything reviewers need, in one place.

Security and compliance documentation is shared on request under NDA.

assignment
SOC2 Type II Report

Full independent audit report of our controls and their operating effectiveness.

Request access
security
Penetration Test Summary

Executive summary of our most recent third party penetration test.

Request access
menu_book
Security & Privacy Whitepaper

How Omics AI protects omics and health data across federated networks.

Request access
article
Data Processing Addendum (DPA)

Standard data processing terms for GDPR and PIPEDA compliance.

Request access
list
Subprocessor List

Current list of subprocessors and the services they support.

Request access
cloud_done
Business Continuity & DR Overview

Our approach to resilience, backups, and disaster recovery.

Request access
info Need something not listed here? View all our compliance reports.

Have a security or compliance question?

Our team responds to vendor assessments, questionnaires, and document requests. We also welcome responsible disclosure of any security concerns.

Contact security team
Top