Security & Data Handling

How PlasmidStudio stores, processes, and protects your data.

Architecture Overview

PlasmidStudio is a browser-based application. Your constructs are stored in a cloud database, and AI design requests are processed through a proxy server — never sent directly from your browser to AI providers.

[Diagram: Browser (your device) → TLS 1.3 → Hosting + API (edge functions); data → Database (PostgreSQL); AI requests → AI Proxy (request routing) → AI APIs (LLM providers)]

Data Storage

  • Database: PostgreSQL. Your construct data — names, features, sequences, and metadata — is stored in a managed cloud database.
  • Encryption at rest: AES-256 at the database level. API keys (admin and user-provided) are encrypted with AES-256-GCM before storage.
  • Encryption in transit: All connections use TLS 1.3. No data is transmitted unencrypted.

AI Processing

  • Proxy architecture: AI requests are routed through a server-side proxy. Your browser never communicates directly with AI providers.
  • Data retention by AI providers: Per their API terms, our AI providers do not use API inputs/outputs to train models. Providers may briefly retain requests for abuse monitoring and safety purposes.
  • API key security: All API keys are encrypted with AES-256-GCM before storage. User-provided BYO keys are resolved server-side and never exposed in the browser.

Authentication

  • Magic link authentication: PlasmidStudio uses email magic links. No passwords are stored or transmitted.
  • Session management: JWT-based session tokens verified on every API call.

What we don't have yet

PlasmidStudio is an early-stage product. We believe in being upfront about what we haven't built yet:

  • SOC 2 certification — Not yet pursued. On our roadmap as our user base grows.
  • 21 CFR Part 11 compliance — Not available. PlasmidStudio is a design tool, not a validated GxP system.
  • SSO / SCIM — Not yet available. Currently email-based magic link only.
  • Audit trails — No detailed access or change logs beyond construct version history within sessions.
  • On-premises deployment — Cloud-only. No self-hosted option.

If any of these are blockers for your organization, let us know — it helps us prioritize.

Data Deletion

  • Individual constructs: Delete any construct at any time from the sidebar. Deletion is immediate and permanent.
  • Full account deletion: Email security@plasmidstudio.ai to request complete deletion of your account and all associated data.

Security questions or concerns? Contact us at security@plasmidstudio.ai

Last updated: March 2026