// Trust & Security Report
Insilico Medicine Hong Kong Limited
Pharma.AI platform for generative AI-driven drug discovery, including Chemistry42 (molecular design), PandaOmics (biomarker discovery), PreciousGPT (scientific LLM), Science42:DORA, and Medicine42. Serves biotech and pharmaceutical companies.
Certifications held
1
Maturity
Enterprise
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on insilico.com“If you are located in the EEA, our legal basis for collecting and using your Personal Data...depends on the Personal Data we collect and the specific context.”
> Show 7 unconfirmed / not-held certifications
No public evidence found on vendor website or investor relations materials.
No public evidence found on vendor website or investor relations materials.
No public evidence found on vendor website or investor relations materials.
source: insilico.comNo public evidence found on vendor website or investor relations materials. Not mentioned in privacy policy or terms of service.
source: insilico.comNo public evidence found. Despite heavy AI focus, no AI governance certification mentioned.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Multi-region: Primary processing in Hong Kong. Data stored in Seoul (Korea) for cloud.chemistry42.com SaaS, Ireland for lab.chemistry42.com SaaS. Data transfers to and from Hong Kong documented in privacy policy.
Privacy policy states 'We use information to...provide, maintain, and improve the Service.' Users can train models on proprietary data. MMAI Gym for Science trains on pharmaceutical datasets. No explicit mechanism documented for opting out of model training or improvement use.
// Security controls
Encryption in transit
Stated in privacy policy: 'no method of transmission over the internet is 100% secure' with commitment to 'commercially acceptable means to protect your Personal Data.' Specific protocols not disclosed.
insilico.comCloud infrastructure
Built on AWS (EC2, S3, SageMaker). Insilico is AWS Partner. Specific AWS compliance certifications not documented by Insilico.
aws.amazon.comVirtual Private Cloud (VPC) deployment
PandaOmics offers secure VPC deployment option for enterprise customers requiring on-premises or isolated cloud infrastructure.
insilico.comIdentity & Access Management
Single Sign-On (SSO) integration with identity providers including Okta available for PandaOmics and enterprise platforms.
insilico.comData analytics
Uses Google Analytics for user behavior tracking. Users can opt out via Google Analytics Opt-out Browser Add-on.
pharma.ai// Products & data scope
data: Target discovery, lead optimization, molecular design, clinical trial prediction. Handles proprietary pharmaceutical compounds and research data.
Main integrated platform covering full pharmaceutical R&D pipeline. Enterprise-grade security mentioned in marketing. VPC deployment available.
data: Small molecule design, structure generation. User can upload proprietary chemical structures.
SaaS hosted on AWS. Data stored in Seoul (cloud.chemistry42.com). Over 20 pharma companies using it.
data: Omics data, biomarker identification, target validation. Handles genomic and proteomic data.
Offers VPC deployment for regulated environments. SSO integration available.
data: Biomedical text generation, literature analysis, hypothesis generation.
Used to train customer models on proprietary data. MMAI Gym for Science provides training framework.
data: Multi-omics data integration, disease modeling.
Terms require users to ensure data compliance with local laws and obtain explicit consent from data owners.
data: Pharmaceutical-grade training datasets for chemical and biological superintelligence.
Allows fine-tuning of models (including third-party LLMs) on Insilico datasets and custom user data.
// What to watch
- No public SOC 2 certification despite handling sensitive pharma IP and clinical trial data. Company works with regulated pharma but no SOC 2 Type 2 public evidence.
- No ISO 27001 certification publicly documented despite enterprise biotech maturity and 2025 HKEX IPO.
- No HIPAA compliance mentioned, though some customers may be HIPAA-covered entities.
- AI training practices not fully transparent: privacy policy states data used to 'improve the Service' but no explicit opt-out mechanism documented for model training.
- Data stored in multiple regions (Hong Kong, Seoul, Ireland) with unclear default residency for new customers.
- AWS infrastructure used but vendor does not publicize AWS compliance certifications (AWS has SOC 2, ISO 27001, HIPAA for their services).
- Compliance contact exists (compliance@insilico.ai) but no trust center or public compliance documentation page.
- HKEX IPO prospectus (December 2025) not reviewed for additional compliance claims.
- Enterprise-grade security mentioned in marketing but not substantiated with third-party attestation.
// At a glance
Pricing model
SaaS subscriptions with enterprise licensing. Pricing not publicly available; custom quotes for enterprise deployments.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Insilico Medicine Hong Kong Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
insilico.com