Trust & Security

We work to ensure best-in-class security to protect your data

Breeze through IRBs. Labfront is trusted by hundreds of the world's top researchers to keep their data safe, secure, and compliant.

person with security badges around themTrust and security Image

Trusted By Researchers from Top Institutions

Check Icon


With ever increasing cybersecurity risks, our data protection protocols have never been more important.

Check Icon


We are built on top of AWS’s secure and reliable infrastructure to ensure the best experience.

Check Icon


We're committed to protecting both your privacy and the privacy of your participants.

Check Icon


We keep up-to-date on global and regional standards around research data so you don’t have to.


Protect your work

As a digital-first tool to help your research, we recognize the growing importance of data security. That’s why at Labfront, we continually update our systems to ensure the most up-to-date best practices around security.

Check Icon

Infrastructure security

Security needs to built from the ground up. Password hashing, encrypted data storage and transfer, and principles of least privilege access are all standard within Labfront.

Check Icon

Organizational security

The strength of security is only as strong as the weakest link. That’s why we continually implement new security controls and protocols to keep our team up-to-date.

Check Icon

Product security

Labfront is always looking to improve in-product data protection offerings for greater control over your data. Easily enable features like two-factor authentification.


Transparent monitoring

We offer full transparency into system status and performance.

Check Icon

Uptime and availability

Labfront supports a 99% uptime commitment for all customers, and provides transparency into real-time platform status.

Check Icon

Business continuity

Building off AWS’s backup system, Labfront has the recovery procedures in place for restoring data in the event of unavoidable failures.


Protect what matters

We understand we are dealing with sensitive data. Our comprehensive privacy and compliance policy ensures alignment with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) among others.

Check Icon

Privacy controls

Labfront is built with a highly modular least privilege system, meaning you get full control over how you use your data.

Check Icon

Data governance

We follow the best practices regarding data governance to ensure a reliable and safe experience.

Check Icon

Data residency (in progress)

Labfront is currently hosted in the US but will be opening up new EU servers in the future to support our European customers.


Certifications and attestations

Labfront adheres to global privacy laws and security standards ensuring we breeze through IRBs and purchasing committees.

HIPAA badge


Health data protection for US residents

GDPR badge


Data protection and data subject rights for EU residents

GCP badge


Following the best practices to ensure Good Clinical Practice

state ramp logo


Cybersecurity framework ensuring US cloud service security and compliance

Frequently asked questions

We're here to help with any questions you have about Labfront's privacy and security policies. Don't hesitate to contact us at

Do you offer any privacy and security information for IRBs?
down arrow

Yes, we sure do and we've passed all IRBs since we've been active. You can find our supporting documentation for IRB in this article.

How long is the data going to be saved on the Labfront server?
down arrow

We typically save research data for 3 years after study completion, following the write-up of the results. For relevant studies, Labfront will also be compliant with the NIH Data Management and Sharing (DMS) Policy, effective January 25, 2023. We provide the ability to delete all data if requested by the researcher as well.

Can you provide more information about your privacy and security policies?
down arrow

You may refer to our security and privacy policies which are available below:

1. Labfront Privacy Policy

2. Labfront Terms of Service

3. Security Statement

To give further confidence to our strict policies, we have successfully supported IRB applications with Labfront as part of the study.  In fact, we've passed all IRBs since we've been active . You can find our IRB support documentation here.

Furthermore, Labfront intentionally does not have access to your project’s data or ask participants for their personal information. Instead, we use a unique invite code to connect participants to the platform and your project.

Who owns the physiological data collected from participants?
down arrow

You own your data and we do not access it. Our privacy and security policies are very strict (including not accessing your project data), these standard policies are usually enough to support grant applications, but we can provide additional guidance or information if needed.

Do you have HECVAT (The Higher Education Community Vendor Assessment Tool) documentation available?
down arrow

Yes, we have completed the HECVAT form that many higher institutions use. You can contact us at to request the documentation.

Where is the data hosted?
down arrow

We currently only support U.S. data centers and the data is stored in Virginia, America. You can view our privacy and security information here. However,  we're currently working with several institutions outside of the U.S., including Canada, Switzerland and Australia.

Do you provide a EULA?
down arrow

Since the Labfront service includes a variety of applications (eg. mobile app, web dashboard), we provide an all-encompassing Terms of Service instead of a simple EULA. If your institution asks for a EULA, you can link them directly to Labfront's Terms of Service.