We take security very seriously at Budibase: ensuring that your data is safe is crucial.
Budibase only stores your actual row data when using the Budibase internal database. This is stored on a highly secure, scalable and fault-tolerant multi-node CouchDB cluster running in AWS, with the latest EC2 security updates.
When using external datasources, Budibase works entirely as a proxy: it calls the datasource directly and returns the results to the client.
Database credentials are always applied server side, and will never be exposed in the UI.
The self-hosted version of Budibase can be deployed entirely inside your own network, on your own servers. When running self-hosted, you have total control over how you want to secure your data, and it never has to leave your VPC.
- Force HTTPS connections and data-in-transit encryption in Budibase Cloud with TLS.
- Full audit log tracking in Budibase Cloud for our internal systems.
- Regular penetration tests and AWS security configuration audits from third-party vendors.
- Very regular data backups and snapshots in Budibase Cloud, coupled with consistent database replication to minimise risk of data loss.
- Host all servers in Ireland in SOC 1/2 and ISO 27001 certified datacenters.
- 2FA enabled for internal Budibase Cloud access.
You can get in touch with us regarding a vulnerability via email at [email protected]
You can also disclose via huntr.dev. If you believe you have found a vulnerability, please disclose it on huntr and let us know.
This will enable us to review the vulnerability and reward you for your work!