Upload controls
The portal only issues upload tokens after consent, accepted filename and extension checks, and size checks. Genome uploads land in quarantine before compatibility review and promotion to the raw genome vault.
Report controls
Reports are released through the authenticated portal, not email attachments. Download tokens are short-lived, and downloads write audit events.
Deletion controls
Raw genome deletion removes the active object and records deletion evidence. Backup or object-version copies may persist until the configured expiry window; this caveat must stay visible in customer-facing wording.
Controls still to add
Self-service export, report deletion, retention preference changes, research withdrawal, and customer MFA step-up before downloads are being hardened before broader intake.