Not at the moment. The data is stored in EU - Ireland.

Labstep follows the principle of least privilege, so only relevant Labstep employees can have access to data stored on our AWS account. Labstep employees are trained on this matter and would only ever access data for debugging purposes. All interactions with data are logged and audited at regular intervals.

We issue temporary access tokens only to relevant employees needing data access. All requests to read data are logged. This allows us to monitor who requested data, when and the data type.

Labstep encrypts data at rest and in transit. Labstep keeps daily backups of the database and files uploaded. At the infrastructure level, we have in place the following:

Labstep performs an external penetration test annually to ensure OWASP top 10 and other standards are followed.

At the application level, Labstep provides a security audit log to each customer. This gives the account admin a detailed report of all account security-related activity. You can see when users have last logged in and out of your organisation account, from which device, their IP address for the session, and more.

Note: this is only available in the Enterprise tier.

At the infrastructure level (AWS), Labstep maintains a complete audit trail of all activity (including logins etc.). We constantly monitor this activity and have automated alerts for suspicious activity. Information about this activity can only be shared on request and with a valid reason (e.g. suspected rogue activity from a Labstep employee).

One backup for all organisations.

Yes. Read more about how here.

Labstep has a plan to spin up a new environment on AWS (in a different geographic region if the main geographic region goes out of service) with a copy of the latest Database and Files backup. This will be done within 24 hours. This is tested twice a year.

For the duration of the recovery, data won’t be accessible. Within 24 hours, the service will resume, and data will be accessible. It is worth noting that Labstep ensures high availability by running multiple instances in different availability zones, so it is highly unlikely the service will completely stop.

Labstep keeps backups both in AWS and Google Cloud Platform (GCP) for redundancy.

Backups are only useful inside the Labstep infrastructure for security reasons. Backups are encrypted using keys that are managed and live inside the data centre (neither Labstep nor the cloud provider can read directly or export these keys). So they can only be decrypted and read within the data centre.

Data in Labstep is archived and not hard deleted. So at any given time, you can restore a deleted entry.

Furthermore, all data changes at the application level are logged and presented within the app (e.g. change of experiment name or notebook entry) as an activity log. In the case of notebook entries, the user can restore the entry to a previous point in time using our Time Machine feature.

There are various ways to extract data in Labstep. You can do it within the app, using our Export Client, API, or contacting your customer success manager, who can assist you with extracting all of your data in one go.

Data can be extracted in PDF or JSON format.

The backup policy of Labstep involves backing up all critical data stored within the platform to ensure that it can be quickly recovered in the event of any data loss or corruption. This backup process is performed daily, and backups are stored in two different data centres (Ireland and Paris).

Labstep regularly performs comprehensive tests of its backup and recovery processes to ensure their continued efficacy.

To ensure the highest level of data security, all backup data is encrypted using industry-standard encryption algorithms.

Yes, Labstep is committed to maintaining compliance with the above standards.