Security & Data Protection
Most LIMS vendors process your data on their cloud. AssayCore's default deployment runs on YOUR infrastructure - your DB, your runbook, your control.
Architecture
Backend: Kotlin + Spring WebFlux microservices. Database: PostgreSQL 16 with row-level security and Transparent Data Encryption (TDE). Auth: Keycloak (OIDC/SAML, self-hosted). Object storage: MinIO (S3-compatible). Messaging: Kafka with audit-log topic for replay.
Encryption
At rest: PostgreSQL TDE (AES-256). MinIO server-side encryption. In transit: TLS 1.3 with HSTS, automatic cert rotation via Let's Encrypt or your PKI.
Authentication & access control
Keycloak realms per product. SAML 2.0, OIDC, social IdP. Mandatory MFA for admin roles. Fine-grained RBAC with role inheritance. Session management with idle timeout, concurrent session limits, IP allowlisting.
Audit trail (21 CFR Part 11 compliant)
Every create/update/delete logged to immutable Kafka topic + Postgres audit table. User, timestamp, before/after values, source IP. Tamper-evident with HMAC chain. 10-year retention default.
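Added example (not AssayCore's code; field names, key and sample events are constructed) of how a per-record HMAC chain makes an audit table tamper-evident, and of the truncation case a chain alone does not catch unless the newest tag is anchored outside the table:

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample audit events in the field shape the page lists (user,
# timestamp, before/after values, source IP); not AssayCore's actual schema.
SAMPLE_EVENTS = [
    {"user": "alice", "ts": "2026-03-01T09:00:00Z", "op": "update", "entity": "sample/42",
     "before": {"status": "received"}, "after": {"status": "in_progress"}, "src_ip": "10.0.0.5"},
    {"user": "bob", "ts": "2026-03-01T09:05:00Z", "op": "update", "entity": "sample/42",
     "before": {"status": "in_progress"}, "after": {"status": "reported"}, "src_ip": "10.0.0.6"},
    {"user": "alice", "ts": "2026-03-01T09:10:00Z", "op": "delete", "entity": "sample/43",
     "before": {"status": "received"}, "after": None, "src_ip": "10.0.0.5"},
]
GENESIS = b"\x00" * 32  # tag that "precedes" the first record

def canonical(event: dict) -> bytes:
    # Deterministic serialisation: writer and verifier must hash identical bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def build_chain(events: list, key: bytes) -> list:
    """Append each event with an HMAC over (previous tag || canonical event)."""
    prev, chain = GENESIS, []
    for ev in events:
        tag = hmac.new(key, prev + canonical(ev), hashlib.sha256).digest()
        chain.append({"event": ev, "prev": prev.hex(), "tag": tag.hex()})
        prev = tag
    return chain

def verify_chain(chain: list, key: bytes, anchored_tail: Optional[bytes] = None):
    """Return (ok, index of first bad record or None).
    Any edit, reorder or deletion before the tail breaks linkage at that index.
    Silent truncation of the newest records is only caught when the last tag
    was anchored somewhere the writer cannot rewrite (anchored_tail)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if bytes.fromhex(rec["prev"]) != prev:
            return False, i
        expect = hmac.new(key, prev + canonical(rec["event"]), hashlib.sha256).digest()
        if not hmac.compare_digest(expect, bytes.fromhex(rec["tag"])):
            return False, i
        prev = expect
    if anchored_tail is not None and not hmac.compare_digest(prev, anchored_tail):
        return False, len(chain)
    return True, None
```

The check is only meaningful if the HMAC key is held outside the database being audited, and the newest tag is periodically anchored elsewhere (a signed checkpoint, or the immutable Kafka topic the page mentions) so that dropping the most recent records is detectable.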
Data residency
Managed Subscription: EU-Frankfurt or US-East (your choice). On-Premise: anywhere you choose. Data never leaves your jurisdiction without explicit SCC consent.
Backup & disaster recovery
Daily encrypted backups, retention 90 days. Cross-region replication for Enterprise tier. RPO ≤ 1h, RTO ≤ 4h. Annual DR test included.
Compliance
ISO 17025, ISO 15189, ISO 22716, 21 CFR Part 11, GxP, GDPR, HIPAA-ready. SOC2 Type II in progress (target 2026 Q4). DPA executed on request. HIPAA BAA available.
Penetration testing & vulnerability scanning
Annual third-party pentest (currently scoping for Q3 2026). Continuous SAST (SonarQube), dependency scanning (Snyk), container scanning (Trivy). CVE patching: critical within 24h, high within 7 days.
Contact
Security questions, DPA requests, vulnerability reports: info@assaycore.pro (subject: SECURITY)
