When running applications with BioLib, by default, the application code is sent to the end-user's computer and executed client-side inside a WebAssembly sandbox. BioLib Encrypted Cloud is an extension of the BioLib platform designed for secure cloud computing.
BioLib Encrypted Cloud is an alternative to client-side execution, where the user's data is encrypted client-side and then sent to a Trusted Execution Environment (TEE), where the code execution happens in a secure enclave inside a BioLib data center. This gives access to more compute resources and means that the application is not downloaded to the end-user's computer. Hence, applications can be made available to the end-user, in a way that protects both the end-users data and the developers' source code.
TEEs are cryptographically secure hardware chips that can receive data and execute code in a way where it can be proven that neither data nor code can be leaked from the chip, thus keeping both safe. BioLib Encrypted Cloud leverages TEEs to let the analysis providers and data owners collaborate, without running any risk of revealing sensitive or proprietary information to the other party. Because the user's data is only decrypted inside the secure hardware chip, neither the application developer nor BioLib, can gain access to it.
You can read about how to set up BioLib Encrypted Cloud for your application here.