Pre²Med X-Portal

1. Introduction

Welcome to Pre2MedX, a secure bioinformatics analysis platform designed for researchers and academic use. This document outlines our Cookie Policy and comprehensive Data Privacy Statement in compliance with academic publishing standards and data protection regulations.

2. Data Protection and Privacy Framework

2.1 Core Privacy Principles

We adhere to the following fundamental privacy principles:

• Data Minimization: We collect only essential data required for platform functionality
• Purpose Limitation: Data is used exclusively for stated analytical purposes
• Storage Limitation: User data is retained only as long as necessary for analysis
• Integrity and Confidentiality: All data is protected with industry-standard security measures
• Transparency: Clear communication about data usage and storage practices

2.2 User Data Protection

Our platform implements a multi-layered security approach:

• Encryption: All user credentials and sensitive data are encrypted using AES-256 encryption
• Authentication: Secure login system with encrypted password storage using bcrypt hashing
• Access Control: Role-based access control ensures data is only accessible to authorized users
• Session Security: Secure session management with automatic timeout protection
• Data Isolation: User data is logically isolated and never shared between accounts

3. Cookies Usage and Technical Implementation

3.1 What Are Cookies?

Cookies are small text files stored on your device that enable specific website functionalities. Our platform uses cookies exclusively for technical and security purposes.

3.2 Cookies We Use

The table below details all cookies implemented on our platform:

3.3 Strictly Necessary Cookies

These cookies are essential for platform operation:

• CSRF Token Cookie (csrftoken): Critical for preventing Cross-Site Request Forgery attacks. Without this cookie, data submission functionality will be disabled for security reasons.
• Session Cookie (sessionid): Required for maintaining authenticated sessions and ensuring data access security.

4. Data Processing and Analytical Workflow

4.1 Data Upload and Processing

Our platform processes user data with the following safeguards:

• User Control: Users maintain complete ownership and control of uploaded data
• Temporary Storage: Analysis data is stored temporarily during processing and automatically purged after 30 days
• No External Access: We do not access, modify, or analyze user data beyond the explicit analytical tasks requested
• Encrypted Storage: All uploaded data is stored in encrypted format during processing

4.2 Analysis Results and Output Data

Analysis results are handled with strict privacy controls:

• Access Control: Results are only accessible to the authenticated user who initiated the analysis
• Secure Links: Shared result links are protected with unique, cryptographically secure tokens
• Data Retention: Results are retained for 90 days to allow for academic review, after which they are automatically deleted
• No Commercial Use: We do not use analysis results or user data for any commercial purposes

4.3 Technical Implementation Details

Our platform utilizes Django's security framework with the following middleware configuration:

• SecurityMiddleware: Implements HTTPS redirect and security headers
• SessionMiddleware: Secure session management with encrypted cookie storage
• CsrfViewMiddleware: CSRF protection for all POST requests
• AuthenticationMiddleware: Secure user authentication system
• XFrameOptionsMiddleware: Clickjacking protection

5. User Rights and Data Management

5.1 Your Rights

As a user of our platform, you have the right to:

• Access: Request information about your stored data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your account and associated data
• Restriction: Limit processing of your data
• Data Portability: Export your analysis results in standard formats
• Objection: Object to data processing

5.2 Cookie Management

You can manage cookie preferences through:

• Browser Settings: Configure cookie acceptance in your browser preferences
• Platform Interface: Use our cookie consent banner to update preferences
• Clear Browsing Data: Remove stored cookies through browser settings

6. Security Measures and Compliance

6.1 Security Implementation

We implement comprehensive security measures:

• Regular Security Audits: Monthly security assessments and vulnerability scans
• Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
• Access Logging: Comprehensive audit trails of all data access
• DDoS Protection: Infrastructure-level protection against attacks
• Backup Systems: Regular encrypted backups with disaster recovery protocols

6.2 Compliance Framework

Our platform is designed to comply with:

• Academic publishing requirements for data integrity
• Institutional review board (IRB) standards for data protection
• GDPR principles for data privacy (for EU users)
• FERPA guidelines for educational data protection

7. Policy Updates and Contact Information

7.1 Policy Revisions

This policy may be updated to reflect:

• Changes in platform functionality
• New security implementations
• Updates to compliance requirements
• Feedback from the research community

Substantial changes will be communicated through platform notifications and updated revision dates.

7.2 Contact Information

For questions, concerns, or data management requests:

• Email: [email protected]
• Institutional Address: School of Life Sciences and Technology, Tonji University
• Data Protection Officer: Jie Zheng