Since data is transferred to our server located in Qatar, a wide array of security measures are in force:

• The complete interaction with the server is secured with HTTPS.
• Input data is deleted from our servers as soon it is not needed anymore.
• We only store the number of samples and markers analyzed, we don't ever "look" at your data in anyway.
• All results are encrypted with a strong one-time password - thus, only you can read them.
• After imputation is finished, the data uploader has 7 days to use an encrypted connection to get results back.
• The complete source code is available in a public Github repository.

To upload and download data, users must register with a unique e-mail address and strong password. Each user can only download imputation results for samples that they have themselves uploaded; no other imputation server users will be able to access your data.

A wide array of security measures are in forece on the imputation servers:

• SSH login to the servers is restricted to only systems administrators.
• Direct root login via SSH is not allowed from the public Internet.
• The public-facing side of the servers sits behind the School of Public Health's Checkpoint virtual firewall instance where a default-deny policy is used on inbound traffic; only explicitly allowed TCP ports are passed.
• The School of Public Health also makes use of NIDS technologies such as Snort and Peakflow on its network links for traffic analysis and threat detection.
• On imputation server itself, updates are run regularly by systems administrators who follow several zero-day computer security announcement lists; the OSSEC HIDS is used for log analysis and anomaly detection; and Denyhosts is used to thwart brute-force SSH login attacks.

Imputation results are encrypted with a one-time password generated by the system. The password consists of lower characters, upper characters, special characters and numbers with max. 3 duplicates.