Security
How we protect your data and keep the platform secure.
Infrastructure
- ✓ Hosted on DigitalOcean — Frankfurt, Germany (EU). No data leaves the EU except where explicitly stated (see GDPR).
- ✓ All services run inside isolated Docker containers with least-privilege access.
- ✓ Production database: DigitalOcean Managed PostgreSQL — automated backups, point-in-time recovery, TLS-only connections.
- ✓ Queue and cache: DigitalOcean Managed Redis — TLS-only, private network access only.
- ✓ File storage: DigitalOcean Spaces (S3-compatible) — private buckets, presigned URLs for temporary access.
- ✓ DDoS protection and CDN via Cloudflare.
Data encryption
- ✓ All data in transit encrypted with TLS 1.2+.
- ✓ Passwords hashed with bcrypt (cost factor 12) — never stored in plain text.
- ✓ API keys stored encrypted at rest using AES-256.
- ✓ LLM provider keys (OpenAI etc.) stored encrypted per tenant — never logged.
- ✓ Database connections require TLS (sslmode=require) in production. Note that sslmode=require only enforces encryption; sslmode=verify-full additionally checks the server certificate against a trusted CA.
Authentication & access control
- ✓ Session tokens are short-lived JWTs signed with HS256 (HMAC-SHA256).
- ✓ API key authentication for programmatic access — keys are shown only once, at creation.
- ✓ Every database query is scoped by tenant_id, so a query cannot return another tenant's rows; cross-tenant access is prevented at the query layer, not left to individual handlers.
- ✓ Production server access limited to authorized personnel via SSH key authentication only — password login disabled.
- ✓ No shared credentials. Each service has its own credentials with minimum required permissions.
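The three bullets above (short-lived HS256 session tokens, tenant-scoped queries, no implicit trust in request data) fit together in one request path: the tenant_id is read from the verified token, never from the request body, and every query goes through a helper that appends the tenant predicate itself. The following is an added example, not CommerceBase code. It uses only the Python standard library; the hand-rolled JWT mint/verify stands in for a vetted library such as PyJWT, the signing key and the `products` table are assumptions, and the sample rows are constructed.

```python
# Added example (not CommerceBase code): verify an HS256 session JWT, take the
# tenant from the verified claims, and run every query through a tenant-scoped
# helper. Stdlib only; the minimal JWT code stands in for a vetted library.
import base64
import hashlib
import hmac
import json
import sqlite3
import time

# Assumption: in production this comes from a secret store, never from source.
SIGNING_KEY = b"hypothetical-32-byte-hs256-key-0000000000"


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_session(tenant_id, user_id, ttl_seconds=900, now=None):
    """Short-lived token (15 min default) with the tenant bound into the claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "tid": tenant_id, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_session(token, now=None):
    """Return the claims only if alg is HS256, the HMAC matches and exp is in the future."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    header = json.loads(b64url_decode(h64))
    if header.get("alg") != "HS256":  # pin the algorithm; the token must not pick the verifier
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


class TenantScopedDB:
    """Query helper bound to one tenant. The helper, not the caller, adds the
    tenant predicate, so a request handler cannot forget it."""

    def __init__(self, conn, tenant_id):
        self.conn = conn
        self.tenant_id = tenant_id

    def fetch_products(self, sku=None):
        sql = "SELECT sku, name FROM products WHERE tenant_id = ?"
        params = [self.tenant_id]
        if sku is not None:
            sql += " AND sku = ?"
            params.append(sku)
        return self.conn.execute(sql, params).fetchall()


def seed_db():
    """Constructed sample data: two tenants, one product each (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (tenant_id INTEGER, sku TEXT, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "A-1", "tenant-1 widget"), (2, "B-1", "tenant-2 gadget")])
    return conn


def products_for_request(conn, token, sku=None, now=None):
    """Request path: the tenant comes from the verified token, never from the body."""
    claims = verify_session(token, now=now)
    return TenantScopedDB(conn, claims["tid"]).fetch_products(sku=sku)


if __name__ == "__main__":
    db = seed_db()
    tok = mint_session(tenant_id=1, user_id=42)
    print(products_for_request(db, tok))             # only tenant 1's rows
    print(products_for_request(db, tok, sku="B-1"))  # [] although B-1 exists for tenant 2
```

The two checks that matter are that a token with a forged `tid` fails the HMAC before its claims are ever read, and that an `sku` lookup for another tenant's product returns nothing because the tenant predicate is always present. An unscoped `SELECT ... WHERE sku = ?` against the same connection would return the other tenant's row, which is exactly the class of bug the helper removes.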
Application security
- ✓ All user input validated and sanitized before processing.
- ✓ File uploads are streamed — files are never fully loaded into memory, which mitigates memory-exhaustion attacks.
- ✓ CORS policy restricts API access to known origins (web app and Chrome extension IDs).
- ✓ Rate limiting on authentication endpoints to prevent brute-force attacks.
- ✓ Dependencies regularly updated and scanned for known vulnerabilities.
- ✓ Chrome extension uses Manifest V3 with a strict Content Security Policy — no remotely hosted code is loaded or executed.
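To make the rate-limiting bullet concrete, here is an added example (not CommerceBase code) of a sliding-window limiter in front of a login handler. It keys every attempt on both the source IP and the target account, so a single host spraying many accounts and many hosts hammering one account are both throttled. The user store, the limits (5 attempts per 60 s) and the clock passed in by the caller are assumptions; SHA-256 stands in for the bcrypt hashing the page describes only so the block runs without extra dependencies.

```python
# Added example (not CommerceBase code): sliding-window rate limiting on a
# login endpoint, keyed on source IP and on target account. The caller supplies
# the clock so the behaviour is deterministic and testable offline.
import hashlib
import hmac
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any `window` seconds."""

    def __init__(self, limit=5, window=60):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)

    def allow(self, key, now):
        q = self._events[key]
        while q and q[0] <= now - self.window:  # drop events that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Constructed credential store: username -> sha256(password). A real service
# would use bcrypt (cost 12) as the page states; sha256 keeps this dependency-free.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def check_password(username, password):
    # A dummy digest for unknown users keeps the timing similar to known users.
    stored = USERS.get(username, "0" * 64)
    return hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), stored)


def handle_login(limiter, ip, username, password, now):
    """Every attempt counts against the IP and the account, success or not,
    and the limit is checked before the password is, so throttled requests
    never reach the (expensive) hash."""
    for key in (("ip", ip), ("user", username.lower())):
        if not limiter.allow(key, now):
            return {"status": 429, "error": "too many attempts, retry later"}
    if check_password(username, password):
        return {"status": 200, "user": username}
    return {"status": 401, "error": "invalid credentials"}


def simulate_bruteforce():
    """One attacker IP guesses alice's password once per second for 7 seconds."""
    limiter = SlidingWindowLimiter(limit=5, window=60)
    return [
        handle_login(limiter, "203.0.113.7", "alice", f"guess{t}", now=t)["status"]
        for t in range(7)
    ]


if __name__ == "__main__":
    print(simulate_bruteforce())  # [401, 401, 401, 401, 401, 429, 429]
```

Note that the 429 is returned before the password is checked, and that a second IP attacking the same account is cut off by the per-account key even though its own per-IP counter is empty. A production deployment would back the deques with Redis so that limits hold across instances, and would log the 429s with the request ID for the audit trail described below.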
Monitoring & incident response
- ✓ Uptime and service health are monitored 24/7 via BetterStack; current status is published on the status page.
- ✓ Structured logs carry request IDs for full auditability — logs contain no personal data or secrets.
- ✓ In the event of a personal data breach, the supervisory authority is notified within 72 hours (GDPR Article 33) and affected users are informed without undue delay (GDPR Article 34).
Responsible disclosure
If you discover a security vulnerability in CommerceBase, please report it responsibly. Do not publicly disclose the issue until we have had a chance to investigate and address it.
Send your report to security@commercebase.io with a description of the issue, steps to reproduce, and potential impact. We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days.