Security & Trust Center

Your biology data never leaves your AWS account

Quilt deploys inside your VPC with a single CloudFormation template. Data stays in your S3 buckets, metadata in your RDS, compute on your ECS — governed by your IAM, encrypted with your KMS keys, logged in your CloudTrail.

  • SOC 2 Type II
  • HIPAA-eligible
  • GxP-ready
  • AWS Advanced Technology Partner

Zero egress, zero exceptions

One CloudFormation template deploys the full Quilt stack inside your VPC. ECS Fargate tasks, an ALB, and an RDS PostgreSQL instance run in private subnets with no public endpoints. Your data stays in your S3 buckets — the only external connection is license validation, and no data is ever transmitted.

  • Your data stays in your AWS account — always
  • Private subnets, no public endpoints, no data egress to vendor cloud
  • JWT auth against your existing SSO (Okta, Azure AD, Auth0) — no separate user directory
  • Every data access logged in your CloudTrail; every object encrypted with your KMS keys

Compliance built in, not bolted on

Designed for regulated life sciences from day one. We provide the SOC 2 report and a pre-filled security questionnaire to accelerate your review.

Compliance frameworks, status, and scope
Framework | Status | Scope
SOC 2 Type II | Audited | Quilt Cloud is SOC 2 Type II compliant. Report available under NDA for security reviews.
HIPAA | Eligible | Runs on HIPAA-eligible AWS infrastructure. Enterprise deployments inherit your VPC, IAM, KMS, and CloudTrail controls.
GxP | Ready | GxP-ready audit trails with full version history for every dataset.
21 CFR Part 11 | Ready | Part 11-ready electronic records and audit trails for FDA-regulated workflows.
AWS Advanced Technology Partner | Validated | Validated deployments through the AWS Partner Network; available on AWS Marketplace.

Why security teams approve Quilt

Encryption at rest and in transit

Every object is encrypted with your AWS KMS keys in S3, and all connections use TLS. Your keys, your rotation policy.

Zero data egress

Data stays in your S3 buckets. Metadata stays in your RDS. Compute runs on your ECS. The only external connection is license validation — no data is ever transmitted.

IAM & SSO governance

JWT auth against Okta, Azure AD, or Auth0. Your SSO policies — MFA, conditional access — apply automatically. No separate user directory or credential sprawl.

Audit trails in your CloudTrail

Every data access is logged in your CloudTrail, under your retention policy. Full version history shows who changed which dataset, and when.

Works with your existing security stack

KMS encryption, IAM policies, VPC security groups, CloudTrail logging. Quilt fits into your existing posture — no new attack surface.

Review-ready documentation

CloudFormation template, architecture diagrams, SOC 2 report, and a pre-filled security questionnaire. Most teams finish security review in 1–2 weeks.

Security FAQ

Does any data leave our AWS account?

No. Data in S3, metadata in RDS, compute in ECS — all in your VPC. The only external connection is license validation. No data is transmitted.

What does the CloudFormation template deploy?

ECS Fargate tasks, an ALB, an RDS PostgreSQL instance, and IAM roles with least-privilege policies. Everything in private subnets.

Can we deploy behind SCPs?

Yes. Quilt runs behind SCP-constrained accounts at large organizations. The template works within restrictive AWS Organizations policies.

How does authentication work?

JWT against your identity provider — Okta, Azure AD, or Auth0. No separate password management. Your SSO policies apply automatically.

Is Quilt SOC 2 and HIPAA-eligible?

Quilt Cloud is SOC 2 Type II compliant and runs on HIPAA-eligible AWS infrastructure. Quilt Enterprise deploys into your own AWS account, so it inherits your VPC, IAM, KMS, and CloudTrail controls.

How long does security review typically take?

Most teams finish in 1–2 weeks. We provide the CloudFormation template, architecture diagrams, SOC 2 report, and a pre-filled security questionnaire.

Review the architecture with a Quilt engineer

A 30-minute security walkthrough. No slides — just the CloudFormation template, the architecture, and your questions.