How safe is my data? - Security

How safe is my data?¶

Data stored on grand-challenge.org is safeguarded with robust security measures. All data is hosted in Amazon Web Services (AWS) S3 buckets, a highly secure and reliable storage service. Data is encrypted both in transit using secure communication protocols and at rest with advanced encryption standards. Access is strictly controlled, with permissions granted only to individuals explicitly authorized by the data owner.

We’ve implemented strong, multi-layered security protocols to safeguard the Grand Challenge platform and the sensitive data it handles. From regular external audits to continuous internal improvements, we take every step to ensure your data remains secure, confidential, and accessible only to authorized individuals.

Penetration Testing and Static Code Review¶

In 2024, a comprehensive penetration test as well as a static code analysis was performed by the independent security firm nSEC/Resilience.

Summary of penetration test results:

✅ No critical, high, or medium severity vulnerabilities were found.
🔒 The platform proved robust against injection and common attack vectors.
🔍 A few low severity findings were identified in session management and configuration—all have since been resolved.

Outcome of the static code review:

The review concluded that the codebase is secure and well-maintained.
Recommendations from the report have been reviewed and implemented where applicable, further strengthening the platform’s resilience.

Data Protection Impact Assessment (DPIA)¶

We regularly perform Data Protection Impact Assessments to comply with the GDPR and ensure transparency in how we process personal data.

Hosting & Infrastructure Security¶

Grand Challenge is hosted on Amazon Web Services (AWS), which provides secure and compliant infrastructure trusted globally.