Neuroscience data is sensitive. Subject IDs, session notes, and notebook entries can carry PHI without anyone meaning them to. NDI Cloud is built on AWS with per-tenant isolation, encryption at rest and in transit, and audit logs that record what happened — never what was inside the request.
Every layer enforces the same tenant boundary — application, API, database, object storage. An admin can't read across labs by accident. A log can't capture PHI by accident. Keys rotate on a schedule, not on a remember-to.
Every search query and document read is filtered against the signed-in user's org permissions at the data access layer, not just the UI. Admins cannot accidentally read across tenant boundaries.
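The following is an added example, not NDI Cloud's code: it shows why a tenant filter applied at the data access layer should be ANDed onto the caller's query rather than merged into it. The `org_id` and `subject` field names, the sample documents, and the small in-memory matcher standing in for MongoDB are assumptions made so the example runs offline.

```python
# Constructed sample documents; the org_id and subject field names are assumptions.
DOCS = [
    {"_id": 1, "org_id": "lab-a", "subject": "mouse-01"},
    {"_id": 2, "org_id": "lab-b", "subject": "mouse-02"},
    {"_id": 3, "org_id": "lab-a", "subject": "mouse-03"},
]

def merge_scope(caller_filter: dict, org_id: str) -> dict:
    """Weak form: a dict merge lets a caller-supplied org_id replace the tenant's."""
    return {"org_id": org_id, **caller_filter}

def and_scope(caller_filter: dict, org_id: str) -> dict:
    """Hardened form: the tenant clause is ANDed on and cannot be overwritten.

    org_id must come from the verified token claims, never from the request.
    """
    if not isinstance(org_id, str) or not org_id:
        raise PermissionError("no tenant in verified claims")  # fail closed
    return {"$and": [{"org_id": org_id}, caller_filter]}

def matches(doc: dict, flt: dict) -> bool:
    """Evaluate the small MongoDB-style subset used here: equality, $and, $or."""
    for key, cond in flt.items():
        if key == "$and":
            ok = all(matches(doc, f) for f in cond)
        elif key == "$or":
            ok = any(matches(doc, f) for f in cond)
        elif key.startswith("$"):
            raise ValueError(f"unsupported operator {key}")  # reject, don't guess
        else:
            ok = doc.get(key) == cond
        if not ok:
            return False
    return True

def find(flt: dict) -> list:
    """Return the _id of every sample document the filter matches."""
    return [d["_id"] for d in DOCS if matches(d, flt)]

if __name__ == "__main__":
    other_tenant = {"org_id": "lab-b"}  # caller filter that names another tenant
    print("merge:", find(merge_scope(other_tenant, "lab-a")))
    print("and:  ", find(and_scope(other_tenant, "lab-a")))
```

A regression test that sends a filter naming another tenant and expects an empty result is a cheap way to keep this property from eroding as query code changes.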
Identity runs on AWS Cognito (HIPAA-eligible). MFA, strong password policies, and short-lived JWTs come standard. No username/password databases on our side.
Every API call is logged with user, timestamp, action, and outcome. Request bodies and response payloads are explicitly excluded — so PHI cannot leak into logs by accident.
Metadata sits in MongoDB on AWS with encryption at rest. Raw data objects live in S3 with server-side encryption. Keys are managed through AWS KMS with automatic rotation.
MongoDB databases are encrypted at rest. S3 buckets use SSE-KMS. Per-tenant keys are rotated automatically.
All external traffic on TLS 1.2 or higher with HSTS. Internal service-to-service traffic runs over private VPC endpoints, not the public internet.
List views surface only the metadata needed to render. Full documents load only when you open them, keeping PHI off intermediate caches.
We share architecture diagrams, compliance documentation, and HIPAA boundary maps under NDA. Most institutional reviews close in a week.