Security

How we protect your laboratory's research data

Research data is among the most sensitive information an institution can hold — unpublished findings, proprietary compounds, patient-adjacent samples. Paraclyst is built with the understanding that security is not a feature to be added later. It is structural, layered, and present at every level of the platform.

This page explains, in plain language, exactly how we protect your data and what controls are in place for you and your team.

How your data is protected

Six layers of protection active on every account, from day one.

Data Encryption

All data is encrypted in transit and at rest. Whether your team is uploading experimental results or retrieving protocol documents, every byte travels and is stored securely using industry-standard encryption.

Organisation-Level Isolation

Your laboratory's data is completely isolated from every other organisation on the platform. No user from another institution can see, query, or access any part of your workspace — by design, not just by policy.

Role-Based Access Control

Not everyone in your lab needs access to everything. Principal Investigators, Lab Managers, Team Members, and Viewers each have a precisely defined scope. A team member cannot access billing. A viewer cannot edit protocols. Access is matched to responsibility.

Full Audit Logging

Every significant action taken in your workspace — creating a sample, modifying a protocol, approving a request, inviting a team member — is recorded with a timestamp and the identity of the person who performed it. Nothing is silently changed.

Infrastructure Reliability

Paraclyst is built on enterprise-grade cloud infrastructure with automatic failover, continuous backups, and geographic redundancy. Your data is never stored in a single location and is protected against hardware failure.

Session Management

Sessions are time-limited and server-verified on every request. If your account is deleted or your session expires, access is revoked immediately — no lingering tokens, no stale sessions that remain active.

Password requirements

Weak passwords are one of the most common causes of account compromise. Paraclyst enforces strong password standards for every account on the platform — not as a suggestion, but as a hard requirement at the point of sign-up and password change.

Every Paraclyst password must contain:

  • At least 12 characters long
  • At least one uppercase letter (A–Z)
  • At least one lowercase letter (a–z)
  • At least one number (0–9)
  • At least one special character (e.g. !, @, #, $)

These requirements apply to new accounts, password resets, and any password change made through account settings. They cannot be bypassed by any user, including administrators.

Account protections

Beyond passwords, Paraclyst enforces a set of account-level safeguards that protect your workspace even if a password is compromised or a session is left unattended.

Email confirmation required before any account becomes active

Secure password change — requires a recent login session

Current password must be entered before setting a new one

Immediate session termination on account or organisation deletion

All invited team members are verified before joining a workspace

What you can do to keep your lab secure

The strongest technical security can be undermined by simple human habits. Here is what we recommend to every Principal Investigator and Lab Manager using Paraclyst.

Use a unique password

Do not reuse a password you use on any other service. A password manager (such as 1Password, Bitwarden, or Apple Keychain) makes this straightforward.

Review your team members regularly

If a student, postdoc, or collaborator leaves your lab, remove their account immediately from the Team settings page. Former members should not retain access.

Assign the correct role to each person

Give team members only the access level they need. A visiting researcher reviewing protocols does not need Lab Manager permissions.

Log out on shared computers

If you access Paraclyst on a shared or public machine, always log out when you are finished. Do not rely on the session timing out automatically.

Check the audit log periodically

Your workspace audit log records every significant action. Review it occasionally to confirm that activity matches what your team is actually doing.

Report anything suspicious immediately

If you notice unexpected logins, changes you did not make, or anything that looks wrong, contact us at support@paraclyst.com straight away.

Responsible disclosure

If you are a security researcher or a user who has discovered a potential vulnerability in Paraclyst, please contact us directly before disclosing it publicly. We take every report seriously, investigate promptly, and will work with you to resolve it responsibly.

Please send security reports to support@paraclyst.com. Do not submit security vulnerabilities through the public contact form.

Last updated: May 2026. For general enquiries, visit our contact page.

← Back to Home