How SafeInsights Works

SafeInsights protects student privacy through a compute-to-data architecture: "We open the data while releasing none of it."

The Secure Enclave Approach

[Diagram from your requirements showing the "no humans" barrier]

Step 1: Create your SafeInsights account and profile

Share information, subsets of which will be made conditionally shared with Data Organizations (DOs) and other researchers.

Step 2: Browse the Data Catalog) to identify a DOs that is most likely able to support your research question

From our initial cohort of X DOs, select the populations they serve and identify the one that closely matches your goals.

Step 3: Initiate your research request to the DO

This lightweight initial step will enable the DOs to evaluate the feasibility, intellectual merit, and educational impact of your research. DOs may approve, request changes, or decline your request.

Step 4: Once approved, complete the legal agreements, Institutional Review Board (IRB) form

In addition to the technical infrastructure, SafeInsights also provides the legal and IRB supports that impact the research lifecycle. When researchers join SafeInsights and initiate research requests, they are asked to sign the researcher-to-DO legal agreements.

All post-hoc or secondary analysis research on SafeInsights will be governed by an [umbrella IRB protocol](umbrella IRB protocol) with Rice University IRB as the IRB of record. However, to help determine if your research is in alignment with the umbrella protocol and provide greater methodological clarity, you will need to fill out an IRB form on SafeInsights.

Step 5: Yay, your proposal is approved! Now start your analysis.

You can use the SafeInsights Coding, Review, and Testing Environment (CRATE)-AI IDE to start coding your analysis based on the sample data from the DO. Every DO will share starter code, sample code snippets, and additional analysis vignettes to get you started.

The CRATE AI will be added source of coding and documentation support. Grounded in DO-centered documentation, the AI will be able to tackle natural language queries from you and provide just-in-time coding help.

Behind the scenes, when you are ready to submit, all your analysis code is packaged up in a container and shipped off to the DO for review

Step 6: DO reviews your code

When DO receives your code, they test the code to ensure there's no reindentification risk and there's appropriate cell suppression for small subgroup analyses (n < XX). When it passes all the DO reviews, your container runs inside the data organization's secure enclave:

  • Your code can "see" the data
  • You cannot see the data
  • Your code cannot send data out
  • Only approved, aggregated outputs can exit

Step 7: Output Review

Before you receive results

  • Automated checks verify outputs meet privacy thresholds
  • Human reviewers confirm no identifiable information
  • Only aggregated results (tables, statistics, plots) are released

What This Means for You

You Never See:

  • Individual student records
  • Small cell counts that could identify students
  • Raw data exports

You Do Receive:

  • Aggregated statistics
  • Summary tables
  • Statistical model outputs
  • Visualizations

This approach enables large-scale research while protecting student privacy.

Security & Standards

SafeInsights follows:

  • CIS Controls v8 for cybersecurity
  • DO security requirements

[Link to more in Privacy section]

Next Steps