logo

How We Keep Your Data Safe

Your Security is Our Priority

Every day, businesses trust us with their sensitive data connections. We've built our platform from the ground up with enterprise-grade security measures that protect your data at every step. Our security-conscious team regularly conducts assessments, penetration testing, and security updates to stay ahead of emerging threats.

Encryption: Your Data is Locked Down

We use AES-GCM (Advanced Encryption Standard), the same encryption technology trusted by governments and financial institutions worldwide. Think of it as a vault where each piece of your data gets its own unique lock and key:

  • Military-Grade Encryption: 256-bit encryption keys protect your credentials
  • Unique Security: Each data source gets its own random salt and IV
  • Isolated Storage: The encrypted credentials, salt, and IV are stored in a completely separate, isolated database from our main application database. This means even if our main system were compromised, your encrypted credentials would remain secure in their isolated environment.
  • Separate Databases: Each data source connection gets its own dedicated database for storing these security components, ensuring complete isolation between different data sources

How We Handle Your Connections

Connection Process

  1. When you add a new data source, we first test the connection to ensure it works
  2. Once verified, we immediately encrypt your credentials using AES-GCM encryption
  3. We create a new isolated database specifically for this data source
  4. The encrypted credentials, unique salt, and IV are stored in this isolated database, completely separate from our main application
  5. Each data source gets its own dedicated storage space, ensuring complete isolation
  6. A dedicated VPS is created specifically for this data source:
    • This VPS handles all connections for this specific data source
    • It remains isolated from other data sources
    • It persists for as long as the data source is active
    • This ensures consistent, secure, and isolated connections

Isolated Environments

We implement multiple layers of isolation to protect your data:

  1. Database Isolation

    • Each data source lives in its own separate database
    • Your encrypted credentials, salt, and IV are stored in dedicated isolated databases, completely separate from our main application
    • Each data source gets its own isolated storage environment
    • No data crossing between different sources
    • Independent security boundaries for each connection
    • Even in the unlikely event of a main application breach, your credentials remain secure in their isolated storage

  2. Query Isolation

    • Every chart query runs in its own secure environment (Cloudflare Durable Object)
    • Automatic cleanup after query completion
    • Resource and memory isolation between queries

Smart Caching Strategy

We optimize performance while maintaining security:

What We Cache:

  • Database schema (table structures and relationships)

What We Never Cache:

  • Query results
  • Individual data points
  • User credentials in plain text

All cached data has automatic expiration and cleanup protocols.

How We Process Queries

Each data source has its own dedicated VPS:

  1. When a chart needs data, the query is sent to the dedicated VPS for that data source
  2. This isolated VPS:
    • Has its own secure memory space
    • Can only access its specific data source
    • Cannot interact with other data sources' VPSs
  3. The encrypted credentials are securely decrypted within this isolated environment
  4. The query runs in this secure, isolated space
  5. Results are aggregated and cached if needed

This approach ensures maximum security by:

  • Maintaining a dedicated, isolated environment for each data source
  • Preventing any cross-communication between different data sources
  • Keeping connections secure and consistent
  • Using isolated memory spaces for each data source's operations

Technical Implementation

Our security implementation includes:

  • AES-GCM encryption with 256-bit keys
  • PBKDF2 key derivation
  • 16-byte unique salt per data source
  • 12-byte initialization vector (IV)
  • Secure credential storage and handling
  • Isolated query processing

Future Improvements

We're committed to continuously enhancing our security measures:

Compliance Certifications (2024-2025)

  • SOC 2 Certification: In progress, expected completion Q3 2024
    • Third-party validation of our security controls
    • Regular security assessments and audits
  • HIPAA Compliance: Assessment starting Q4 2024
    • Enhanced data protection measures
    • Strict access control protocols

Security Enhancements

  • Advanced threat detection implementation
  • Expanded security monitoring capabilities
  • Automated security testing in our development pipeline

Questions?

Our security team is here to help explain our practices and answer any questions about how we protect your data.

Contact: security@baseflw.com