There are a series of questions that we frequently encounter from our users.
Although we can’t say that all of them are good questions (Customer Service has heard it all), most of them are.
One of these questions is: how do we manage our users’ data and ensure its security?
We operate under European legislation. Basically, this means we operate on the premise that each individual’s genetic information is their own, private, and personal.
If you are curious about the laws we follow, we elaborate on this in our Privacy and Security section.
We will never, under any circumstances, share this information with third parties without the clearly established consent of its legitimate owner. The user is, above all, the owner of their genome. DNA is confidential, and DNA tests are private.
If you doubt our morality, we can assure you of our legality. The penalties in Europe for such crimes are severe. In this part of the world, DNA companies do not sell data.
Additionally, we store the information anonymized; in the almost impossible case of a leak, the offenders would not be able to associate the stolen information with the corresponding users.
A Genetics Blog Talking About Cryptography
When it comes to the IT part, we work with Google Cloud to ensure that your data is protected at all times.
Google Cloud is the platform that Google uses to bring together all its web development applications. It allows for storing, accessing, and managing data without the need for hardware or software, using Google’s cloud.
When it comes to linking users with their codes anonymously, we use a robust security approach in Google Cloud SQL. This is a managed database based on MySQL, PostgreSQL, and SQL Server.
Your data is protected using advanced encryption techniques both at rest and in transit. If we don’t move it, it’s safe. If we move it, it’s still safe. There are governments that would wish to have the same confidence in their security as we do.
When we store your data in the Google Cloud SQL database, we use AES-256 encryption to ensure that only authorized persons can access it. This means your data is locked away in a secure place.
The name of this encryption system comes from the “Advanced Encryption Standard.” In this encryption, the original information is transformed in such a way that, without its corresponding decoder, it makes no sense.
The information is organized into 128-bit blocks, arranged in four-by-four matrices. The data in these matrices is moved first in the rows and then by mixing the columns, generating the encrypted text. This new text does not resemble the original at all.
Matrices also have an advantage: processors are slower working with these structures than with vectors or solitary numbers. This increases the time and energy cost for anyone trying to steal the information.
To decrypt it, the receiving system automatically performs the same steps as the encryptor but in reverse, to obtain the original information.
The key used to encrypt, therefore, must be known to both the sender and the receiver. These are called symmetric key systems and ensure not only the security of storage but also the journey of the information. What is sent would be a bunch of unreadable data to anyone without the key.
The 256 in its name, AES-256, comes from using a 256-bit key length to encrypt and decrypt the message. Among the AES systems, it is the longest and therefore the most secure.
At the time of writing this article, AES-256 encryption is considered unbreakable. Quantum computing will come later, and we will have to rethink many things, but that is a topic for the future.
Anonymous Data Even to Us
Additionally, when your data travels from our application to the cloud database, it does so through secure SSL/TLS connections. This ensures that the information is protected during its transit through the network, preventing third parties from intercepting it.
SSL and TLS are standard internet protocols that encrypt emails to protect their content. TLS is a newer, better version of SSL. These protocols are commonly used by Google. Gmail or Google Workspace work with various versions of TLS.
Regarding the anonymous linking of users with their codes, we use secure hashing techniques. This means we assign each user a unique identifier anonymously, maintaining user privacy and data integrity.
Hashing techniques are cryptographic functions that convert data into new data using a mathematical algorithm. These techniques are especially popular for storing passwords.
An interesting aspect of this security system is that the stored data is unknown even to the company itself, because it has undergone the hashing process.
In the case of passwords, the service applies the hash to the entered information and compares it with the password stored for that user (which has undergone the same hashing process). If they match, access is granted; if not, it is denied. This is why a user who has forgotten their password must generate a new one: the database itself does not know the user’s password.
What greater security can there be for storing data when the box itself doesn’t know what it’s storing? This ensures data protection.
In summary, at tellmeGen we work with Google Cloud to ensure that your data is protected at all times, both when it is stored and when it is in transit. We use advanced encryption and anonymization techniques to ensure your security and privacy.
Even we do not know the individual data of each user (although we can work with it on a large and anonymous scale to improve our services).
Therefore, we are not just one of the best genome service companies. We are also one of the safest DNA testing companies.
