Overview: Our approach prioritizes safety by limiting storage of sensitive data, e.g. never store actual database data. We fully encrypt database connections using multi-server setup and our stack is hosted on AWS and Google Cloud for maximum security and scalability.
We only store database schema (table and column names and data types) and credentials, which are fully encrypted using a multi-server setup. The actual database data is NEVER stored. Apart from securely storing encrypted connection credentials, we keep a record of the database schema (table and column names and data type), for instance:
users: id, name, imageUrl, createdAt, updatedAt, isBlocked
posts: id, title, body, imageUrl, userId, createdAt, updatedAt
...
These are utilized by our AI to generate SQL queries for optimized accuracy. Here's a quick summary:
| Location | Stores data schema | Connection credentials | Stores database content |
|---|---|---|---|
| Server | Yes | Fully encrypted using multiple servers | Never |
| LocalStorage | Yes | Fully encrypted using multiple servers | Never |
Added data sources can be deleted at any time.
Our software takes connection credentials, encrypts them via containerized AWS Lambda functionalities, and stores the encrypted credentials on a separate server – one which does not hold the encryption key, that is, the database. This ensures that even if there is a data breach, the stolen data will be useless for the hackers.
Data sources can be removed any time by visiting the data sources page and deleting any data sources you no longer require. Deleted data sources can't be reinstated. Within seven days, any deleted data source will be taken off our backups and no longer available on our servers.
For the best security upon connecting to your data source, we suggest utilizing a "read only" user.
Upon generating a SQL or NoSQL, you can click "Run query" to actually execute the query on your connected database. This action prompts the generation of the query and encrypted credentials being sent to a separate server (fully containerized Lambda endpoint), where the query is run and the results returned. Neither of these data points are stored; our database connection server simply acts as a proxy, transmitting results between your database and the web UI.
Your data, including encrypted database credentials and the database schema will never be shared. Also, we do not store or have access to any data from running queries on your database.
Our services are hosted using Vercel (primarily as CDN), AWS Lambda, and Railway.app (which runs on Google Cloud). They constantly being monitored for vulnerabilities and threats.