Skip to content

Data Security

Since data is transfered to our server located in Michigan, a wide array of security measures are in force:

  • All interactions with the server are secured with HTTPS.
  • Input data is deleted from our servers as soon as it is no longer needed.
  • We only store the number of samples and markers analyzed; we do not access your data in any way.
  • All results are encrypted with a strong one-time password, ensuring that only you can access them.
  • After imputation is complete, the data uploader has 7 days to retrieve the results using an encrypted connection.
  • The complete source code is available in a public Github repository.

Who has access?

To upload and download genotype data, users must register with a unique email address and a strong password. Each user can only download imputation results for samples they have uploaded themselves; other users of the Imputation Server will not have access to your data.

Cookies

We value your privacy and are committed to transparency regarding the use of cookies on our website. Below, we outline our cookie policy to provide clarity and assurance.

What are cookies?

Cookies are small text files that are placed on your device when you visit a website. They serve various purposes, including enhancing user experience, facilitating website functionality, and analyzing website traffic.

How do we use cookies?

We use cookies only for the purpose of facilitating login functionality. These cookies help us recognize your device and authenticate your access to our platform securely. We do not track any personal information or analyze user activities through cookies.

Why do we use cookies?

Cookies are essential for providing seamless login experiences to our users. By storing authentication information, cookies enable you to access your account efficiently without the need for repetitive login procedures. We respect your privacy and limit cookie usage exclusively to login purposes.

What security or firewalls protect access?

A wide array of security measures are in force on the imputation servers:

  • SSH access is restricted to system administrators only.
  • Direct login via SSH is not permitted from the public Internet.
  • The public-facing side of the servers is protected by the School of Public Health’s Checkpoint virtual firewall, which uses a default-deny policy for inbound traffic, allowing only explicitly permitted TCP ports.
  • The School of Public Health employs NIDS technologies such as Snort and Peakflow for traffic analysis and threat detection on its network links.
  • On the imputation server, updates are regularly applied by system administrators who monitor multiple zero-day security advisories. OSSEC HIDS is used for log analysis and anomaly detection, while Denyhosts is employed to prevent brute-force SSH login attacks.

What encryption of the data is used while the data are present?

Imputation results are encrypted with a one-time password generated by the system. The password includes lowercase and uppercase letters, special characters, and numbers, with a maximum of three duplicate characters.