On BioLib, protection of data is the highest priority, and we always apply verifiable zero-knowledge data security. Specifically, no information about the input data, or the result of the analysis, is ever revealed to the application developer, BioLib, or any other third-party. This is achieved by leveraging a combination of client-side execution and end-to-end encrypted cloud computing.
When running applications using client-side execution, BioLib's infrastructure leverages the WebAssembly standard, which is compatible with most modern browsers, to turn your computer into a secure 'sandboxed' execution environment. The program code is sent to your machine, where it will be executed locally with your private input.
When running applications using client-side execution, the analysis algorithm is sent to the end-users' machine, where it is executed in an isolated sandbox environment. No data can leave the PC without the user's authorization.
Client-side execution offers you as an end-user the highest possible level of data security as no data can leave the local sandbox on your machine. Hence, your data stays secure within your PC and nobody - neither the application developer, BioLib, nor third-party code providers - will be able to access your data. For more documentation on the Web Assembly standard, visit webassembly.org.
When running applications using BioLib's Encrypted Cloud, the analyses run on a remote server managed by BioLib. Your data is encrypted client-side and then uploaded to special hardware called a Secure Enclave. The analysis is executed, and the result is encrypted inside the enclave before it is returned to your PC. Neither the analysis developer nor BioLib ever has access to your data.
Secure Enclaves are purpose-designed hardware that can verify that particular pieces of code have been executed on them. Leveraging this capability and running an open-sourced host application, it can be verified that input data and results of a given analysis can only be returned to the data-owner. This means that no-one - neither the application developer, BioLib, nor the cloud service provider - will be able to access the input data or the results of the analysis.