Platform Infrastructure

Our core commitment is to the security and integrity of your data. It’s no surprise, therefore, that we chose Amazon Web Services, the world’s leading cloud service platform, to host our infrastructure.

AWS Standards

By using AWS to power our platform, we absorb the highest global standards of AWS architecture, server operations, and compliance regulations to host your data. When you run your business on Tadabase, you can do so confidently knowing that your data is secured by AWS best practices and the industry’s most advanced cloud security controls. You can read more about AWS security practices here.

Physical Security

Tadabase data is hosted in AWS data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC II compliant.

AWS data centers are secured by global AWS Security Operation Centers and advanced physical security measures which you can read more about here.

Network Security

Our network security architecture consists of multiple security zones to protect against unauthorized access at all times.

We use Sqreen, a third-party network security solution, to monitor and protect our infrastructure from automated scanners, bots, and targeted attacks. It blocks attacks and sends alerts in case of critical threats. It also brings additional features like IP blocking and firewalls that monitor and control incoming and outgoing network traffic.

Dedicated Security Team

Tadabase staff includes a dedicated rapid-response security team for 24/7 prevention monitoring and reactive response to security alerts and events.

Application Security Protection

Tadabase uses Sqreen to integrate advanced protections within our applications and protect our users from data breaches. It integrates protections against the most critical attack categories, such as SQL injections and cross-site scripting, and adds security headers to our applications. It blocks attacks in real-time and warns us when attackers start stressing our applications. Sqreen uses a runtime protection system that identifies and blocks OWASP Top 10 and business logic attacks in real-time.

Availability and Continuity

System Status Monitoring

Tadabase maintains a publicly available status webpage which lists current system status stats, security event history details, and scheduled upgrade and/or maintenance details.

AWS Auto-Scaling and Load Balancing

Tadabase uses AWS architecture features such as auto-scaling and elastic load balancing to automate our scalability and ensure that apps are always optimized for speed, high availability, and redundancy.



System Updates

Tadabase maintains a publicly available updates webpage which lists a chronological history of all recent updates including new product features, improvements, and bug fixes.

Redundancy

Tadabase stores data on multiple databases to eliminate single points of failure and increase availability. Data is stored in multiple locations to distribute availability across multiple geographic locations and time zones. Tadabase employs daily backups of active apps for further redundancy and stores backups across multiple locations separate from the database servers.

Backup and Restore

All active Tadabase apps are backed up on a daily basis, encrypted with AES-256 encryption keys, and stored across multiple locations that are separate from the database servers. All daily backups can be restored instantly by our support staff. We are currently in the process of enabling users to see backup logs from within the builder. Users are free to manually back up their data at any time by exporting their data to a CSV file.



Disaster Recovery

Tadabase enforces strict Disaster Recovery policies including daily encrypted backups, daily testing procedures, and strategic disaster recovery planning and training to ensure that data is available and restorable in case of disaster.

Data Export

Create exportable templates or automate a data backup to easily export all your data from the platform.



Encryption

Encryption in Transit

All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS).

Encryption at Rest

All our user data (including passwords) is encrypted using battle-tested encryption algorithms in the database.



Gov.-Grade Encryption

We use SHA-256 and AES-256 encryption, the strongest encryption available used by governments, banks, and federal-level agencies around the world.

Product Security Features

IP Whitelisting

With this feature you can enable IP address whitelisting within your app settings to ensure that your apps are only accessible by networks you’ve authorized.

Granular Page Controls

Assign roles for each of your users and define the data access permissions each role has. Restrict access to pages and parts of pages of your app to specific users who you deem relevant and authorized to view those pages or sections.

We recommend following the least-privilege approach, in which you enable only the necessary pages rather than blocking restricted pages. To learn more about maximizing user roles and permissions, please contact support@tadabase.io.

Record-level Security

Create connections between users and records to ensure that logged-in users can only access records that are connected to them.

Password Protection

Define custom password policies for each user and for each application, ensuring that users meet the password requirements you determine to be appropriate for specific apps and users.

Password Encryption

All user passwords are encrypted and hashed.

Data Encryption

All data is encrypted and secured with SSL.

Record Change Logs

View all changes made in your app with additional metadata such as location, IP address, and other browser and user details.

Page time-out settings

Tadabase customers can create custom time-out settings to ensure that devices left unattended for a specified amount of time require logging in again for continued access.

Login Logs

Track all successful and failed logins to your application.

Block Failed Login Attempts

Enable custom settings to block an IP or user after x number of logins within x minutes.

2 Factor Authentication

Require 2 Factor Authentication for your users to log in to your app.

Single Sign On (SSO)

Use Single Sign On to require your users to log in using a specified vendor such as Google.

Whitelisted Email Domains

Add whitelisting to only allow signing up from whitelisted domains.

Email Logs

Track and monitor all emails sent from your app.

Builder Logs

Track and monitor all changes made to your app from within the builder.

Delete Logs

See and track all deleted records from within your app.

API Keys

Secure your app with advanced permissions for your API keys such as enabling or disabling access to delete, edit, or get records. You can also enable or disable any API keys as needed.

Policies

Tadabase maintains a publicly available Privacy Policy which outlines our corporate policies on how we keep your data private and secure.

Any data you store on Tadabase is owned by you and Tadabase claims no ownership on your data.

If you need support assistance from the Tadabase support team, you can enable access for the Tadabase support team to access your account to troubleshoot any issues with your applications or account. By default, this support access is disabled and can only be enabled by an account admin in the security settings of your app. Any support access to your account by the Tadabase support team is logged and time-stamped. Any support access to your account by the Tadabase support team is done via a secure virtual private network that is continuously monitored by our dedicated security team for security alerts or events.

As part of our SOC 2 readiness for compliance, we have implemented best practices for employee onboarding and offboarding according to SOC standards and we conduct background checks for all our employees. Upon employment at Tadabase, every employee undergoes extensive onboarding and training to learn how to protect customers’ data and properly access customers’ data for support purposes with the explicit permission of the customer according to SOC compliance standards and our corporate privacy policy. Upon employment at Tadabase, all employees sign non-disclosure and confidentiality agreements to ensure that employees are legally bound to uphold our privacy policies and procedures.

Tadabase engineers conduct development and testing on a development platform completely separate from any live data. Bugs, errors, development kinks, etc. are fully tested in our separate “development sandbox” via comprehensive testing procedures to ensure that live data is not affected by bugs, errors, security vulnerabilities, or imperfect development. Tadabase uses Sqreen to remediate vulnerabilities that were triggered by security tests, audits, or bug bounty programs. We are also warned when application components with known vulnerabilities are used in production (dependencies).

Compliance

AWS Compliance

Amazon is continuously audited by 3rd party compliance controls and holds compliance certifications from the strictest compliance programs including SOC 3 and ISO 27001. Learn more about AWS compliance here.

SOC 2

Tadabase is SOC 2 Type 1 compliant and will be SOC 2 Type 2 compliant no later than January, 2022. Certification of SOC 2 compliance will certify our best practices for security, availability, and confidentiality by an independent 3rd party auditing program and the leading standard for cloud security control. Please contact us at Security@tadabase.io for more information on our SOC 2 readiness and future compliance.

HIPAA

Tadabase offers HIPAA compliant editions of our platform which will include field level encryption, password policies, and BAA agreements. Please contact us for more details at Security@tadabase.io.

GDPR

Tadabase is GDPR ready. The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Please contact us at Security@tadabase.io for more information on our GDPR readiness and future compliance. Tadabase has an available Data Processing Addendum for paid plans that can extend the terms of service to reflect the processing of personal data. Please contact Security@tadabase.io for more details on getting the DPA.

Penetration Testing

Tadabase performs annual PenTesting on all production environments being utilized for storing and processing your data.

Privacy Policy

Tadabase maintains a publicly available Privacy Policy which outlines our corporate policies on how we keep your data private and secure.

DMCA

Tadabase respects intellectual property rights and publishes its Digital Millennium Copyright Act (DMCA) Copyright Policy.

Additional Resources

Secure Your App with IP Security in Tadabase

See a simple example of some of the power of Tadabase and adding advanced security to your app.
