All NCLab user data is stored in a MongoDB distributed database system running on Digital Ocean servers. Digital Ocean is a premier cloud computing provider. No user data is stored on computing nodes. When the user launches a computation, a computational engine is created on the corresponding cloud instance in a secure ”chroot” environment. User data is transferred there via an encrypted EV SLL connection. After the computation is finished, user data is transferred back the same encrypted way, the engine is terminated, user temporary data is deleted, and the cloud instance is destroyed.

Database Backups

Database backups are performed every 24 hours.

System Security

System installation is done using hardened, patched OS. Dedicated firewall and VPN services are used to help block unauthorized system access. Dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access.

Operational Security

Systems access is logged and tracked for auditing purposes. Secure document-destruction policies are in place for all sensitive information.

Communications

All private data exchanged with us is always transmitted over EV SSL The login credentials used to access NCLab cannot be used to access a shell or the file system. All users are virtual (meaning they have no user account on our machines) and are access controlled.

Employee Access

No Providers employees ever access users data in the database unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. When working a support issue we do our best to respect your privacy as much as possible, we only access the files and settings needed to resolve your issue.

Maintaining Security

We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and encrypted. Login information is always sent over SSL. We keep a security consultant on retainer to help identify and prevent new attack vectors. We always test new features in order to cut out potential attacks, such as XSS-protecting wikis, and ensuring that Pages cannot access cookies.

Credit Card Safety

When you sign up for a paid Service, we do not store any of your card information on our servers. It is handed off to Braintree (a company owned by PayPal).

Contact Us

Have a question, concern, or comment about NCLab security?
Please let us know at support@nclab.com.