Data Security Frequently Asked Questions

How is LDbase complying with GDPR?

LDbase has taken several steps to comply with GDPR, including creating our Terms of Use with the GDPR in mind, ensuring GDPR compliance of third-party vendors and executing Data Processing Addendums with each, and putting into place policies and procedures for deleting user data. As an entity of Florida State University, we follow the Florida State University Privacy Policy.

What types of data does LDbase collect?

LDbase may collect various data that you share upon registering and in using LDbase. This data allows you to log into LDbase and is how we create and display your user profile. 

Can I have my data deleted?

You’re always welcome to deactivate or delete your account. If you’d like to delete your account and personal data, please email LDbase@fcrr.org.

Can I opt out of having my data collected?

You’re always welcome to deactivate or delete your account. You should be aware that information that you've shared with others or that others have copied may also remain visible after you have closed your account or deleted the information from your own profile. In addition, you may not be able to access, correct, or eliminate any information about you that other users have copied or exported out of LDbase, because this information may not be in our control. Your public profile may be displayed in search engine results.

You can opt out of having LDbase collect usage tracking cookies, but you have to accept a basic functional session cookie in order to be able to log in to LDbase. This functional session cookie does not store any personally identifiable data.

How can I export my data?

Currently LDbase does not have an automated export feature, but you may log in to your account and download and extract your data using the generic LDbase interface.

What if I cannot consent to the Terms of Use and Privacy Policy?

If you cannot consent to the terms and privacy policy, you may choose to not use LDbase. If you have previously consented and then changed your mind, you may close your account at any time and request your data to be deleted by contacting us at LDbase@fcrr.org.

What if I don't want to make anything available publicly in LDbase?

LDbase is designed for public data sharing, and has limited private functionality. You can keep projects, or components within projects, unpublished, but there is limited functionality in this stage. When published, the metadata you have entered of projects and their component parts will be publicly available. You are able to choose to have a dataset embargoed, therefore private, for as long as you wish. But the metadata of that data, which you have entered, will be public. 

How secure is my information?

Security is extremely important to us. When you sign up and create a password, your password is not recorded. Instead, we store a bcrypt hash of your password. This is a computation on your password that cannot be reversed, but is the same every time it is computed from your password. This provides extra security. No one but you can know your password. When you click "Forgot your password," LDbase sends you a one-time login link because it neither stores nor has the ability to compute your password.

How does LDbase store and backup files that I upload to the site?

LDbase files are uploaded and stored in Amazon’s S3 file system. Nightly incremental file backups are stored in Glacier. Please refer to S3 and Glacier documentation for details about the other robustness features they provide.

The LDbase database is backed up via streaming replication 24 hours a day, and incremental restore points are made four times per day. In addition, the LDbase database is maintained in encrypted snapshots for an additional 30 days. 

Logs are primarily stored in AWS Glacier indefinitely. Our logs do not include any personally identifiable data (IP addresses are anonymized during collection).

Is data stored on LDbase Storage encrypted? What are my options?

Transfer of data to LDbase storage is encrypted with SSL. If you would like your data to be encrypted at rest, you can encrypt it before uploading to LDbase storage. Otherwise, data at rest is not encrypted on LDbase storage.

Is the LDbase HIPAA and/or FERPA compliant?

You should refer to your institutional policies regarding specific security requirements for your research. As a reminder, as stated in our Terms of Use, you hold the responsibility for making sure any datasets you upload to LDbase are deidentified, including being HIPAA and FERPA compliant.