Security
Last updated: September 4, 2025
At GeneStream, we take the security of your personal and institutional data seriously. This page outlines our current security practices and efforts to protect your data.
Infrastructure Security
We use industry-standard cloud infrastructure to keep your data secure:
- AWS hosting: Our platform runs on Amazon Web Services in us-east-2 (Ohio) with built-in security controls
- Encrypted connections: All data transmission uses HTTPS/TLS encryption
- Secure databases: Your data is stored in encrypted databases with access controls
- Content delivery: Static assets are served through managed edge services with security headers
Authentication & Access Control
- Auth0 authentication: Secure login with industry-standard protocols
- Private repositories: Your private repositories are only accessible to you and collaborators you invite
- Session management: Automatic logout and secure session handling
- Permission controls: Granular role-based access for teams and organizations
We implement logical segregation of each organization’s repositories and enforce least-privilege access to production systems.
Data Protection
Encryption at Rest
Your personal and organizational data are encrypted when stored in our databases.
Encryption in Transit
All communication between your browser and our servers uses TLS encryption.
Regular Backups
We maintain encrypted backups to protect against data loss while ensuring security.
Access Monitoring
We monitor access to your data and maintain logs for security purposes.
Data ownership and residency: You own your data. We store it securely with encrypted backups.
Operational Security
Our team follows security best practices in platform development and operations:
- Secure development practices and peer code reviews
- Regular security updates for all system components
- Limited, audited access to production systems and data
- Documented incident response procedures
- Ongoing security assessments and improvements
Responsible Disclosure
We appreciate security research and ask that you disclose vulnerabilities responsibly. Do not access or modify data that does not belong to you. Help us reproduce the issue so we can address it quickly.
Send disclosures to admin@genestream.io
We acknowledge disclosures within 48 hours and will work with you on a timely, coordinated fix.
Compliance & Roadmap
Our infrastructure providers (e.g., AWS, Auth0) maintain industry-standard certifications, including SOC 2 and ISO 27001. Internally, we are formalizing our security and compliance controls and progressing toward achieving our own SOC 2 Type II and ISO 27001 certifications. We adhere to the principles of GDPR and CCPA and will continue expanding our compliance scope as we complete formal assessments and audits.
Limitations & Beta Considerations
In the interest of transparency, please note:
- Our organization does not yet hold independent SOC 2 or ISO 27001 certifications
- Certain security practices are actively maturing as we scale the platform
- We are investing in a comprehensive, formalized security program and will share progress updates as key milestones are achieved
Your Responsibilities
You can help keep your account secure by:
- Using a strong, unique password and enabling available safeguards
- Not sharing your login credentials with others
- Logging out when using shared or public computers
- Reviewing your repository privacy settings regularly
- Reporting suspicious activity or security concerns promptly
Questions?
If you have questions about GeneStream security, contact us at: admin@genestream.io