PortalChecking session

Trust centre

Security overview

A plain-language view of how Spoke protects uploads, reports, access, and deletion routes.

Implemented application controls

The portal uses authenticated access, role-aware case authorization, consent-gated uploads and processing, encrypted object storage, short-lived upload/download tokens, report release review, audit logging, security headers, request origin checks, app-layer rate limits, email-code step-up for report downloads, and Supabase-backed authenticator MFA for privileged actions when MFA enforcement is enabled.

Account security

Customers should keep their email account protected, avoid forwarding portal links, and contact security@spokedna.com if a login link, account, or report access route looks suspicious. We will add stronger self-service account security controls as the portal grows.

Controls being hardened

Broader genome intake depends on private production storage, WAF/rate limiting, separated cloud environments, key management, alerting, backup restore evidence, hardware-key admin MFA in the live identity provider, and a documented break-glass process.

Independent assurance

Certification and audit claims wait until evidence exists. The practical next step is Cyber Essentials readiness followed by Cyber Essentials certification and a lightweight external security review.

Trust centre

These pages describe the current product posture and the controls being hardened before broader intake. Certification, audit, and legal claims are made only when supporting evidence exists.

Back to Trust centre