Data Security

Protecting Your Research Data

At ThemeLab, we take the security of your research data seriously. This page outlines the technical and organizational measures we implement to protect your information.

1. Encryption

SSL/HTTPS Encryption

In Transit:

  • All connections to ThemeLab use SSL/HTTPS encryption (TLS 1.2+)
  • Data transmitted between your browser and our servers is encrypted
  • Prevents interception of data during transmission
  • 256-bit encryption for all communications

At Rest:

  • Database stored on secure, encrypted storage volumes
  • Backup files are encrypted before storage
  • Passwords stored using industry-standard hashing (Werkzeug/bcrypt)

2. Authentication and Access Control

Secure Authentication

  • Password-based authentication
  • Passwords hashed with salt
  • Session-based login management
  • Automatic session timeout

Access Controls

  • Project-based data isolation
  • Users can only access their own data
  • No cross-user data visibility
  • Protected API endpoints

3. Server Security

3.1 Infrastructure

  • Hosted on secure, professionally managed servers
  • Regular security patches and updates
  • Firewall protection against unauthorized access
  • DDoS mitigation measures

3.2 Database Security

  • Database not directly accessible from internet
  • SQL injection prevention through parameterized queries
  • Regular security audits
  • Automated backup systems
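As an added illustration of two measures listed above, parameterized queries (3.2) and per-user data isolation (section 2), the following example was written for this page and is not ThemeLab's own code; the `projects` table, its columns and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data (not ThemeLab's real schema): two users, one project each.
SAMPLE_ROWS = [
    (1, 101, "Interview study A"),
    (2, 202, "Survey study B"),
]


def make_db():
    """Create an in-memory database seeded with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE projects (owner_id INTEGER, id INTEGER, name TEXT)")
    db.executemany("INSERT INTO projects VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


def get_project_unsafe(db, user_id, project_id):
    """'Before' pattern: the SQL text is built by string formatting, so a
    request-supplied project_id becomes part of the query and can widen the
    WHERE clause past the owner check."""
    sql = f"SELECT name FROM projects WHERE owner_id = {user_id} AND id = {project_id}"
    return [row[0] for row in db.execute(sql)]


def get_project(db, user_id, project_id):
    """Hardened pattern: a parameterized query scoped to the session's user.
    Both values are bound as data, never spliced into the SQL text, and the
    owner_id filter is taken from the authenticated session rather than from
    the request, which is what enforces project-based isolation."""
    sql = "SELECT name FROM projects WHERE owner_id = ? AND id = ?"
    return [row[0] for row in db.execute(sql, (user_id, project_id))]


if __name__ == "__main__":
    db = make_db()
    print(get_project(db, 1, 101))            # owner sees own project
    print(get_project(db, 2, 101))            # another user gets nothing
    print(get_project(db, 1, "202 OR 1=1"))   # bound as a literal: no rows
```

The last call shows the point of binding: the whole string is compared as a value against the integer `id` column, so it matches nothing, whereas the same input reaches the unsafe variant as SQL and returns every row.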

4. Application Security

CSRF Protection

Cross-Site Request Forgery prevention on all forms

XSS Protection

Automatic HTML escaping of rendered output prevents script injection into pages

Input Validation

All user inputs validated and sanitized

5. Data Backup and Recovery

5.1 Automated Backups

  • Daily automated database backups
  • Backups stored in encrypted format
  • Multiple backup locations for redundancy
  • 30-day backup retention

5.2 Disaster Recovery

  • Documented recovery procedures
  • Regular backup restore testing
  • Service continuity planning

User Responsibility

While we implement robust backup systems, we strongly recommend that you regularly export your project data using the JSON export feature as an additional precaution.

6. Privacy by Design

6.1 Data Minimization

We only collect data necessary for Service functionality:

  • No unnecessary personal information collected
  • No third-party analytics or tracking
  • No advertising or marketing cookies
  • No social media integration

6.2 User Control

You maintain full control over your data:

  • Export data anytime in standard formats
  • Delete projects and data as needed
  • Permanently delete account and all data
  • No vendor lock-in

7. Vulnerability Management

7.1 Security Updates

  • Regular updates to frameworks and dependencies
  • Monitoring for security vulnerabilities
  • Prompt patching of identified issues

7.2 Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to us via govindgrover.com. We take all reports seriously and will respond promptly.

8. Compliance

8.1 Best Practices

ThemeLab follows industry security best practices:

  • OWASP Top 10 security guidelines
  • Secure coding practices
  • Regular security reviews
  • Principle of least privilege

8.2 Academic Research Standards

We support research data security requirements:

  • Pseudonymization of participant data
  • Secure storage of sensitive research data
  • Data export for institutional archiving
  • Compliance with IRB protocols (user responsibility)

9. User Security Best Practices

Recommendations

To keep your account secure, we recommend:

  • Use a strong, unique password
  • Don't share your account credentials
  • Log out when using shared computers
  • Regularly export your data as backup
  • Report suspicious activity immediately
  • Keep your email account secure (for password recovery)

10. Incident Response

10.1 Security Breach Protocol

In the unlikely event of a security incident:

  • Immediate investigation and containment
  • Assessment of affected data and users
  • Prompt notification to affected users
  • Remediation and preventive measures
  • Transparent communication about the incident

11. Limitations

Important Notice

While we implement robust security measures, no system is completely impenetrable. We cannot guarantee absolute security but commit to:

  • Following industry best practices
  • Continuously improving our security posture
  • Responding promptly to security concerns
  • Being transparent about our security measures

Users handling highly sensitive data should assess whether the security measures meet their specific institutional requirements.

12. Questions and Contact

For security-related questions or to report vulnerabilities, please visit govindgrover.com for contact information.

Our Commitment

ThemeLab is committed to maintaining the highest standards of data security. Your research data is valuable, and we treat it with the care and protection it deserves.