Security Center

Product Security


Dropbase deployments are self-hosted in your own VPC. Deploiyments consist of both the Dropbase Worker and Dropbase Client.

Dropbase Worker servers are responsible for storing your sensitive and production credentials and for querying and processing your data within your VPC.

Dropbase Client makes secure requests to the Worker to fetch data.

No sensitive data flows from the Worker to Dropbase servers. All data fetches are performed directly from your self-hosted Client to your self-hosted Worker.

Secure Authentication.

Dropbase's securely stores encrypted authentication credentials.


We enable Editor, Admin, and Owner permission levels within the Dropbase app.

Admin permissions ensure only authorized users can remove team members, change other teammates' permission levels, and sync changes to your production databases, SaaS apps, or APIs.

Owner permissions ensure nobody else can delete or remove your workspace, including any connected sources, tables, or syncs. Only owners can control billing and invoicing settings.
Network & Application Security

Data Hosting and Storage.

All Dropbase services are hosted with Amazon Web Services (AWS) in the United States in the US West region.

Failover and Disaster Recover

We have the ability to leverage multiple AWS availability zones and we will be able to quickly restore availability should any data center fail.

Virtual Private Network

All of our servers are located within an isolated Virtual Network separated from other internal & external networks that prevent unauthorized access.


All data sent to or from Dropbase is encrypted in transit. All credentials stored by Dropbase are encrypted at rest, using 256 bit encryption. Our API and application endpoints are TLS/SSL only.

Backups and Monitoring

We use AWS backup services to reduce any risk of data loss in the event of a hardware failure, backup to multiple data centers and utilize a number of monitoring services to alert the team in the event of any failures affecting users.
People Security

Employee Vetting

Dropbase performs background checks on all new full-time employees in accordance with local laws. The background check includes employment verification and criminal checks for employees.


All Dropbase employees are required to sign a confidentiality agreement before they begin.
Access and Identity

Permissions and Authentication

Access to Dropbase infrastructure is limited to authorized employees who require it for their role. Changes are automated using access roles with the least required permissions.

Every Dropbase page and service is served over HTTPS.

We have and strong password policies on GitHub, Google Workspace, AWS and other critical tools and services to ensure access to cloud services are protected. When employees leave Dropbase, accounts tied to employee emails are disabled.

Least Privilege Access Control

Dropbase adheres to the principle of least privilege with respect to identity and access management.

PCI Compliance

All payments made to Dropbase go through our payments partner, Stripe. Details about their security setup and PCI compliance can be found here.

SOC 2 Compliance

Dropbase is currently evaluating SOC 2 Type 2 compliance process and vendors.