Data Security

Since data are transfered to our server located in Munich, a wide array of security measures are in force:

  • To increase security users have an option to use Google Authenticator one time password, in addition to normal password when they sign up
  • The complete interaction with the server is secured with HTTPS.
  • Input data are deleted from our servers as soon it is not needed anymore.
  • We only store the number of samples and markers analyzed, we don't ever "look" at your data in any way.
  • All results are encrypted with a strong one-time password - thus, only you can read them.
  • After imputation is finished, the data uploader has 7 days to use an encrypted connection to get results back.

System Security

The Imputation Server nodes run the latest Ubuntu OS, which is updated regularly. Access to the nodes of the Imputation Server is only possible via SSH to the head node, which in turn is placed behind HMGU jump server. Only HMGU employees have access to the jump server. SSH connection to the Imputation Server head node is disabled for the admin user, normal users allowed to connect to the head node must use Google Authenticator one time password in addition to SSH password. The OS on the head node is monitored by accct service. SSH is configured to use PAM.

Who has access?

To upload and download data, users must register with a unique e-mail address and strong password. Each user can only download imputation results for samples that they have themselves uploaded; no other imputation server users will be able to access your data.

Cookies

We value your privacy and are committed to transparency regarding the use of cookies on our website. Below, we outline our cookie policy to provide you with clarity and assurance.

What are cookies?

Cookies are small text files that are placed on your device when you visit a website. They serve various purposes, including enhancing user experience, facilitating website functionality, and analyzing website traffic.

How do we use cookies?

We use cookies only for the purpose of facilitating login functionality. These cookies help us recognize your device and authenticate your access to our platform securely. We do not track any personal information or analyze user activities through cookies.

Why do we use cookies?

Cookies are essential for providing seamless login experiences to our users. By storing authentication information, cookies enable you to access your account efficiently without the need for repetitive login procedures. We respect your privacy and limit cookie usage exclusively to login purposes.

What security or firewalls protect access?

A wide array of security measures are in force on the imputation servers:

  • The servers are within a private network behind a firewall, and direct access is only possible from within the private network.
  • Direct root login via SSH is not allowed.
  • On imputation server itself, updates are run regularly by systems administrators who follow several zero-day computer security announcement lists; and Denyhosts is used to thwart brute-force SSH login attacks.

What encryption of the data is used while the data are present?

Imputation results are encrypted with a one-time password generated by the system. The password consists of 16 characters: 5 uppercase + 5 lower case + 3 numbers + 3 special characters.