FOR RESEARCH USE ONLY — AI-ASSISTED — NOT FOR CLINICAL DECISION MAKING
Trust & Compliance

Built for regulated science. Audited by design.

AiLabrix is engineered to meet the security and privacy expectations of EU research laboratories, accredited medical labs, and pharma R&D teams. Every control below is implemented in code, not in a slide deck.

Compliance frameworks Request full dossier (NDA)
01 — Standards alignment

Aligned with the standards your auditors already know

AiLabrix carries an explicit "research-use only" classification. Within that scope, the technical controls below are implemented and verifiable. Certification of the deploying organisation against any framework remains the organisation's responsibility.

GDPR

Regulation (EU) 2016/679 — personal-data protection.

Ready

ISO 15189:2022

Medical laboratory quality & competence.

Aligned

ISO/IEC 27001:2022

Information-security management.

Annex A mapped

CLIA

42 CFR Part 493 — US clinical labs.

Out of scope

GxP / GAMP 5

EU GMP Annex 11, ALCOA+ data integrity.

Cat. 5 controls

21 CFR Part 11

FDA e-records / e-signatures.

Out of scope

OWASP ASVS L2

Application security baseline.

Met

CLSI EP-series

Method-validation guidance (informative).

Math built-in
02 — Security posture

The controls behind the badges

Concrete defences. Each item is implemented in code and present at HEAD of the production branch. Detailed evidence is available under NDA.

1Tamper-evident audit trail

Every state-changing action writes a SHA-256-chained audit row. On-demand verification confirms chain integrity in milliseconds. ALCOA+ Original principle met by construction.

  • Hash chain over prev/curr row
  • Append-only schema
  • UTC contemporaneous timestamps
2Authentication & access

Argon2 password hashing, 12-character policy with rotation, TOTP MFA with AES-encrypted secrets at rest, role-based access control, account lockout, rate limiting, re-authentication on critical actions.

  • RBAC: admin vs user
  • TOTP MFA, Fernet-encrypted
  • 10/hour lockout policy
3Data residency & privacy

EU mode forces local-only LLM (Ollama) for zero data egress. Pre-LLM pseudonymisation scrubs identifier-like fields. Full data-subject rights endpoints (access, erasure, portability, restriction) under /api/dsr/.

  • EU mode: no cross-border transfer
  • Pseudonymisation pre-LLM call
  • GDPR Art. 15-22 endpoints
4Supply-chain transparency

CycloneDX SBOM regenerated on every push to main. Pinned Python dependencies. CSP, HSTS, CSRF, X-Frame-Options enforced via Flask-Talisman. Container runs as non-root.

  • CycloneDX SBOM in CI
  • Talisman security headers
  • Non-root container (UID 1000)
5Human-in-the-loop AI

The 21-stage pipeline gates every LLM-authored output behind mandatory human review. No solely-automated decision-making within the meaning of GDPR Art. 22. Prompt-template versioning logged on every call.

  • 21 stages with mandatory gates
  • LLM call audit (model, latency, cost)
  • No online learning
6Retention & lifecycle

Per-record-type retention configurable from the UI, enforced by a nightly cron. Three pre-built compliance profiles (research / GxP-lab / regulated) with audit-logged transitions.

  • Configurable per record type
  • Nightly automated purge
  • Compliance profile presets
03 — Sub-processors

Where your data may travel

AiLabrix is single-tenant and self-hosted. Below is the complete list of external services that may receive deployment data only when a deploying organisation explicitly enables them. The default privacy posture for EU deployments routes everything to a local model with zero egress.

Service Purpose Data exposed Default
Anthropic Claude API
USA · Anthropic PBC		Optional LLM inference for scientific interpretationDataset rows post-pseudonymisationPseudonymisationBefore any data is sent to a cloud LLM, AiLabrix automatically scrubs identifier-like fields (patient IDs, sample IDs, names, emails). What leaves the server is the scientific signal (numeric values, categorical labels) — not the identity behind it. Defined by GDPR Art. 4(5).Opt-in
OpenAI API
USA · OpenAI OpCo LLC		Optional LLM inference (alternative to Anthropic)Dataset rows post-pseudonymisationPseudonymisationBefore any data is sent to a cloud LLM, AiLabrix automatically scrubs identifier-like fields (patient IDs, sample IDs, names, emails). What leaves the server is the scientific signal (numeric values, categorical labels) — not the identity behind it. Defined by GDPR Art. 4(5).Opt-in
Ollama
On-prem · zero egress		Local LLM inference — no data leaves the serverStays on the deployed serverEU default
Brave Search API
USA · Brave Software		Optional evidence-retrieval for Deep Think modeQuery strings onlyOpt-in
Google Custom Search
USA · Google LLC		Alternative evidence-retrieval sourceQuery strings onlyOpt-in
Stripe
Ireland (EU) + USA · Stripe Payments Europe Ltd / Stripe Inc · SCCs		SaaS subscription billing — Checkout, Customer Portal, Stripe Tax for EU VATCustomer email, billing address, VAT ID, payment-method last 4 digits (card data NEVER stored on AiLabrix)SaaS only
Brevo (Sendinblue)
France (EU) · Sendinblue SAS		Transactional email (magic links, DPA confirmations, dossier delivery) + newsletter listRecipient email + name + subscription stateEU default
NCBI / NLM open APIs
USA · NIH / National Library of Medicine · public service		Scientific evidence retrieval: PubMed & PMC literature, Entrez Gene, ClinVar, MeSH terms, PubChem compound infoQuery strings only (gene symbols, MeSH terms, compound names, keywords) — never patient or sample dataAlways-on
Cloudflare
USA · Cloudflare Inc · SCCs · EU routing		CDN, WAF, DDoS protection, cookieless Core Web Vitals beaconIP address (transit only), aggregated performance metrics, no cookiesAlways-on

Each opt-in sub-processor is gated behind a signed Data Processing Agreement (Art. 28) including Standard Contractual Clauses Module Two. EU deployments may set AILABRIX_EU_MODE=1 to disable all cloud providers and force local Ollama. Detailed vendor-qualification evidence is available on request.

04 — Operating model

What you own, what we own

AiLabrix is software the deploying organisation runs inside its own perimeter. The boundary below describes the joint operating model.

AAiLabrix vendor responsibility
  • Source-code quality, security review, supply-chain hygiene
  • Hardening defaults (CSP, CSRF, rate-limit, MFA)
  • Audit-trail mechanism + verification endpoint
  • Disclaimer enforcement on every artifact
  • Sub-processor register skeleton
  • CycloneDX SBOM with every release
BDeploying-organisation responsibility
  • DPA execution with chosen LLM vendor
  • DPIA legal sign-off + Transfer Impact Assessment
  • Privacy notice instantiation in user language
  • Training records, internal audit, management review
  • Network perimeter, OS hardening, container-host security
  • Backup execution, restore drills, DR exercises
05 — Detailed dossier

The auditor-grade dossier — on request

The public posture above is the surface. The full dossier carries every control with file:line evidence, the live audit-chain verification log, and the per-framework gap analysis your security and procurement teams will ask for.

  • Controls register R01-R48 with implementation status and closing commits
  • ISO/IEC 27001:2022 Annex A — full 93-control mapping
  • Six framework checklists: GDPR · ISO 15189 · CLIA · CLSI · GxP · Part 11
  • 12-risk register with likelihood × impact and residual scores
  • CycloneDX SBOM + live audit-chain integrity verification
2 business days Response time
Mutual NDA Confidentiality
PDF + Markdown Delivery format
Tell us who you are
Loading challenge…
Used only to verify the request and send the dossier. No marketing emails. No sharing with third parties.
✓ Request received. Our privacy team will reply within 2 business days with the NDA + dossier package.