Helix Insight

Documentation / Data and Privacy / Infrastructure

Infrastructure

All genomic data processing occurs on dedicated hardware located in the European Union. The infrastructure is purpose-built for clinical genomics workloads, not shared multi-tenant cloud services.

Overview

TypeDedicated bare-metal server (not shared cloud)
LocationHelsinki datacenter, Finland (EU)
JurisdictionFinnish and EU data protection law
ProviderEuropean hosting provider, subject to EU law only
CapacityEnterprise-grade server optimized for genomics workloads (multi-core, high memory, NVMe storage)

Why Dedicated Hardware

Multi-tenant cloud providers (AWS, GCP, Azure) share physical infrastructure across customers. Even with logical isolation, genetic data processing on shared hardware introduces risks that dedicated servers eliminate:

Physical isolation

No other customer’s workloads run on the same hardware. There is no risk of side-channel attacks, noisy neighbor performance degradation, or accidental data exposure through shared resources.

Jurisdiction certainty

The server is physically located in Helsinki, Finland. Unlike cloud providers that may move workloads between regions, the physical location of the data is fixed and verifiable.

No US jurisdiction exposure

Major cloud providers are subject to US laws (CLOUD Act, FISA) that can compel disclosure of data stored on their infrastructure regardless of physical location. Our hosting provider is a European company subject to EU law only.

Full administrative control

Helena Bioinformatics has exclusive root-level access to the server. No hosting provider employee has access to the operating system, storage, or network configuration.

Security Measures

TLS 1.3 encryption for all data in transit

AES-256 encryption for data at rest

Network firewall with restrictive inbound/outbound rules

Role-based access control (RBAC) for all platform functions

Comprehensive audit logging of all data access and processing activities

No outbound network access from the variant processing pipeline

Regular security assessments and vulnerability scanning

Automated intrusion detection and alerting

Data Path

When a laboratory uploads a VCF file, the data travels over TLS 1.3 directly to the Helsinki server. The file is parsed, annotated, classified, and scored entirely on this server. Results are stored on the same server. At no point does the data transit through non-EU infrastructure or third-party services.