Dropbase deployments are self-hosted in your own VPC. Deployments consist of both the Dropbase Worker and Dropbase Client.
Dropbase Worker servers are responsible for storing your sensitive and production credentials and for querying and processing your data within your VPC.
Dropbase Client makes secure requests to the Worker to fetch data.
No sensitive data flows from the Worker to Dropbase servers. All data fetches are performed directly from your self-hosted Client to your self-hosted Worker.
We enable Editor, Admin, and Owner permission levels within the Dropbase app.
Admin permissions ensure only authorized users can remove team members, change other teammates' permission levels, and sync changes to your production databases, SaaS apps, or APIs. Owner permissions ensure nobody else can delete or remove your workspace, including any connected sources, tables, or syncs. Only owners can control billing and invoicing settings.
Network & Application Security
Data Hosting and Storage
All Dropbase services are hosted with Amazon Web Services (AWS) in the United States in the US West region.
Failover and Disaster Recovery
We have the ability to leverage multiple AWS availability zones and we will be able to quickly restore availability should any data center fail.
Virtual Private Network
All of our servers are located within an isolated virtual network, separated from other internal and external networks, which prevents unauthorized access.
Encryption
All data sent to or from Dropbase is encrypted in transit. All credentials stored by Dropbase are encrypted at rest, using 256-bit encryption. Our API and application endpoints are TLS/SSL only.
Backups and Monitoring
We use AWS backup services to reduce any risk of data loss in the event of a hardware failure, back up to multiple data centers, and use a number of monitoring services to alert the team in the event of any failures affecting users.
People Security
Employee Vetting
Dropbase performs background checks on all new full-time employees in accordance with local laws. The background check includes employment verification and criminal checks for employees.
Confidentiality
All Dropbase employees are required to sign a confidentiality agreement before they begin.
Access and Identity
Permissions and Authentication
Access to Dropbase infrastructure is limited to authorized employees who require it for their role. Changes are automated using access roles with the least required permissions. Every Dropbase page and service is served over HTTPS. We have strong password policies on GitHub, Google Workspace, AWS and other critical tools and services to ensure access to cloud services is protected. When employees leave Dropbase, accounts tied to employee emails are disabled.
Least Privilege Access Control
Dropbase adheres to the principle of least privilege with respect to identity and access management.
Compliance
PCI Compliance
All payments made to Dropbase go through our payments partner, Stripe. Details about their security setup and PCI compliance can be found here.
SOC 2 Compliance
Dropbase is currently evaluating the SOC 2 Type 2 compliance process and vendors.