Security & Infrastructure

Last Updated: June 1, 2026

FlaskTrack is designed to help organizations manage laboratory operations, research workflows, compliance documentation, audit records, sample tracking, and associated data.

This page provides an overview of the technical, administrative, and organizational safeguards used to protect customer information and maintain service reliability.


Contents

  1. Security Philosophy
  2. Infrastructure
  3. Data Isolation
  4. Encryption
  5. Authentication & Access Controls
  6. Audit Logging
  7. Application Security
  8. Monitoring & Detection
  9. Backups & Recovery
  10. Incident Response
  11. Subprocessors
  12. Customer Responsibilities
  13. Compliance Statement
  14. Security Contact

1. Security Philosophy

Security is incorporated into the design, operation, and maintenance of FlaskTrack.

We follow the principle of least privilege, limit access to production systems, maintain audit trails, and continuously improve operational controls.

Security is a shared responsibility between FlaskTrack and our customers. We provide the platform and controls; customers remain responsible for account management, user permissions, and data governance decisions.

2. Infrastructure

FlaskTrack operates on cloud infrastructure provided by DigitalOcean and other approved service providers as necessary to operate the platform.

Infrastructure services may include:

  • Application hosting
  • Managed databases
  • Object storage
  • Backup systems
  • Monitoring systems
  • Networking services
  • Email delivery services

Infrastructure components are deployed and maintained using modern operational practices intended to minimize service interruptions and unauthorized access.

3. Data Isolation

Customer data is logically isolated between organizations.

FlaskTrack is a multi-tenant platform that implements organization-level separation of customer information.

Access to customer records is restricted through application-level authorization controls, organization ownership checks, and role-based permissions.

Users can only access information they have been explicitly authorized to view.

4. Encryption

Encryption In Transit

Communications between users and FlaskTrack are protected using Transport Layer Security (TLS).

Sensitive information transmitted across networks is encrypted while in transit.

Encryption At Rest

Storage systems may utilize encryption-at-rest functionality provided by infrastructure vendors where available and appropriate.

Password Security

Passwords are never stored in plaintext.

Authentication credentials are stored using modern password hashing techniques designed to resist credential compromise.

5. Authentication & Access Controls

FlaskTrack implements multiple layers of access control.

Role-Based Permissions

Organizations may assign users roles that determine available permissions.

Permissions may govern access to:

  • Protocols
  • Workflows
  • Samples
  • Batches
  • Compliance records
  • Reporting systems
  • Administrative functions
  • User management

Least Privilege

Access should be granted only to users who require it for legitimate operational purposes.

Administrative Access

Access to production systems is restricted to authorized personnel with a legitimate need.

6. Audit Logging

FlaskTrack maintains audit records for important platform activities.

Depending on functionality and plan level, audit records may include:

  • Record creation
  • Record modification
  • Record deletion
  • User actions
  • Workflow events
  • Compliance events
  • Administrative actions

Audit records assist customers in understanding historical activity within their organizations.

7. Application Security

FlaskTrack incorporates security controls intended to reduce common application security risks.

These controls may include:

  • Input validation
  • Authorization checks
  • Session protections
  • Permission enforcement
  • Secure password handling
  • Rate limiting where appropriate
  • Logging and error monitoring

Security controls are periodically reviewed and improved as the platform evolves.

8. Monitoring & Detection

Operational monitoring is used to maintain service availability, reliability, and security.

Monitoring systems may collect information related to:

  • Application health
  • Infrastructure performance
  • Error conditions
  • Authentication events
  • Security events
  • Availability metrics

Monitoring information is used to investigate incidents, diagnose problems, and improve service reliability.

9. Backups & Recovery

FlaskTrack may maintain backups of critical systems and customer data.

Backup schedules, retention periods, and recovery procedures may vary depending on operational requirements.

While backups are intended to support recovery efforts, no backup system can eliminate all risk of data loss.

Customers should maintain copies of information considered critical to their operations.

10. Incident Response

FlaskTrack maintains procedures for responding to security incidents.

Incident response activities may include:

  • Investigation
  • Containment
  • Remediation
  • Recovery
  • Post-incident review

Where required by law or contractual obligations, affected customers may be notified of confirmed incidents involving customer data.

11. Subprocessors

FlaskTrack utilizes third-party service providers to operate portions of the Service.

Provider          Purpose
DigitalOcean      Hosting, databases, storage, networking
Stripe            Payment processing
Email Providers   Transactional email delivery

Additional subprocessors may be added as platform requirements evolve.

12. Customer Responsibilities

Customers play an important role in maintaining security.

Customers are responsible for:

  • Protecting account credentials
  • Managing user permissions
  • Removing inactive users
  • Reviewing audit records
  • Maintaining internal security procedures
  • Complying with applicable regulations

13. Compliance Statement

FlaskTrack provides tools that may support compliance programs, but use of the platform does not itself establish compliance.

Customers remain responsible for determining whether FlaskTrack satisfies their specific legal, regulatory, quality, validation, or operational requirements.

Unless expressly agreed in writing, FlaskTrack is not represented as:

  • HIPAA certified
  • FDA validated
  • GLP certified
  • GMP certified
  • ISO certified

Customers should conduct their own validation and qualification activities where required.

14. Security Contact

Security questions, vulnerability reports, or incident-related inquiries may be directed to:

security@santurcesoftware.com



Flask Track™ is operated by Santurce Software LLC.

© 2026 Santurce Software LLC. All rights reserved.
