Data security and privacy protection
Use of the service
Negen's service is provided as a web-based application. The user is not required to download or install any separate software on their own computer. All that is required for secure use of the service is an up-to-date browser that meets current security recommendations. The service is always used over a secure connection (SSL), where all data traffic between the customer and service is heavily encrypted. Similar technology is commonly used in all online applications requiring data security, such as online banking and government transaction services. The little green padlock symbol in the address field indicates whether your connection is secure or not.
Logging in to the service
You may log in to the service with your user ID and personal password. Machine human identification is an added security measure taken to prevent automated intrusion attempts by automatically entering random login and password combinations on the login form. After five incorrect password entries, the user account will be locked out automatically for a certain period of time.
When creating a password, the system automatically checks the strength of the password and recommends using one with, for example, special characters and numbers.
Passwords are stored in the user database protected by extremely strong encryption (SHA-512) and each is assigned its own random character set, which makes breaking the encryption algorithm practically impossible.
The Negen online service operates as a cloud service through the Amazon Web Services centre in Frankfurt, Germany. The information entered by users is saved in a database, which can only be accessed the server used for the service. No separate files containing information saved by users in the system is saved in the server. A majority of the data contained in the database is saved in a non-readable binary format. The database cannot be accessed from the Internet. The content stored on the server hard drives is encrypted.
In order to maintain the online service, the server must be maintained and it must perform certain tasks. In order ensure a high level of data security, only absolutely essential services are provided through the Negen server to ensure the function of the online service. Unnecessary service ports are closed, thus helping to keep the system secured.
Amazon is responsible for the data network maintenance and hardware. All cloud services are carried out within the internal network of the data centre behind state-of-the-art firewalls. Only absolutely necessary data transfer ports are opened to provide online services.
Physical data security
The data centre and Amazon Web Services are heavily guarded and under surveillance. The facility can only be accessed by those assigned specifically to work there, the assigned shift personnel and specifically invited guests. The data centre floors can only be accessed by authorised staff with two-factor authentication. The buildings are protected with intrusion detection systems and round-the-clock guard and camera surveillance. Only personnel with special permission and who are qualified to make hardware installations and repairs have access to the actual server hardware.
For additional information on data protection in the Amazon Web Service:
Processing and storage of samples
Customer saliva samples are collected at the Negen facility, from which they are sent to a laboratory for analysis. The samples are treated anonymously throughout the entire process, thus making it impossible for a third party to identify the origin of any sample.
Any DNA left over from the analysis is properly stored while maintaining its anonymity if the customer should need a follow-up analysis necessary in the EU area. Samples are never used for anything but Negen's analysis services without the express consent of the customer.