Last Updated: February 24, 2025
We take the security of your data very seriously. Below are some key practices and policies we have in place to safeguard your data.
Our primary data hosting solution is provided by Render.com, with all customer data stored in Frankfurt, Germany, ensuring compliance with EU data protection laws.
All customer data is encrypted both at rest and in transit using industry-standard encryption protocols. At rest, data is encrypted using AES-256, and all endpoints use TLS 1.2 or higher for secure transmission.
We enforce strict access controls to guarantee the confidentiality, integrity, and availability of your data. Access is restricted to authorized personnel only, and all actions are logged and monitored.
We employ industry-standard authentication mechanisms, such as strong, randomly generated passwords and trusted OAuth providers (e.g., Google Sign-In), to ensure secure user access to the platform.
We implement multiple layers of security, including user authentication, user authorization, data encryption, firewalls, and intrusion detection systems, to prevent unauthorized access to customer data.
Our database is backed up at regular intervals and supports point-in-time recovery (PITR). It is also regularly backed up to a secure offsite location to ensure that your data is safe and can be restored if needed.
We have a well-defined incident response plan in place. In the event of a security breach, we promptly investigate, contain the impact, and notify affected customers as necessary.
All data transfers are encrypted using TLS 1.2 or higher to ensure that your data remains confidential during transmission.
Our hosting provider, Render.com, has DDoS protection in place to safeguard against large-scale attacks.
We actively monitor for security vulnerabilities and promptly apply patches to address any identified risks. We regularly audit our dependencies (e.g., using npm audit) to ensure our systems are up to date.
We have a comprehensive disaster recovery plan in place to ensure business continuity in the event of an outage. In critical situations, we can quickly restore services with an alternative hosting provider.
We fully comply with all applicable data protection regulations, including GDPR, to ensure the privacy and security of your data.
While we do not currently have certifications such as ISO 27001 or SOC 2, we remain committed to upholding the highest standards of security and privacy.
You may request access, modification, or deletion of your data by contacting our support team. We strive to respond promptly and take appropriate measures to address such requests.