Skip to content

Security

How we protect your data and keep the platform secure.

Infrastructure

  • ✓ Hosted on DigitalOcean — Frankfurt, Germany (EU). No data leaves the EU except where explicitly stated (see GDPR).
  • ✓ All services run inside isolated Docker containers with least-privilege access.
  • ✓ Production database: DigitalOcean Managed PostgreSQL — automated backups, point-in-time recovery, TLS-only connections.
  • ✓ Queue and cache: DigitalOcean Managed Redis — TLS-only, private network access only.
  • ✓ File storage: DigitalOcean Spaces (S3-compatible) — private buckets, presigned URLs for temporary access.
  • ✓ DDoS protection and CDN via Cloudflare.

Data encryption

  • ✓ All data in transit encrypted with TLS 1.2+.
  • ✓ Passwords hashed with bcrypt (cost factor 12) — never stored in plain text.
  • ✓ API keys stored encrypted at rest using AES-256.
  • ✓ LLM provider keys (OpenAI etc.) stored encrypted per tenant — never logged.
  • ✓ Database connections require SSL (sslmode=require) in production.

Authentication & access control

  • ✓ Session tokens are short-lived JWT signed with HS256.
  • ✓ API key authentication for programmatic access — keys are shown only once at creation.
  • ✓ Every database query is scoped to a tenant_id — cross-tenant data access is architecturally impossible at the query level.
  • ✓ Production server access limited to authorized personnel via SSH key authentication only — password login disabled.
  • ✓ No shared credentials. Each service has its own credentials with minimum required permissions.

Application security

  • ✓ All user input validated and sanitized before processing.
  • ✓ File uploads streamed — files are never fully loaded into memory, limiting memory exhaustion attacks.
  • ✓ CORS policy restricts API access to known origins (web app and Chrome extension IDs).
  • ✓ Rate limiting on authentication endpoints to prevent brute-force attacks.
  • ✓ Dependencies regularly updated and scanned for known vulnerabilities.
  • ✓ Chrome extension uses Manifest V3 with strict Content Security Policy — no remote code execution.

Monitoring & incident response

  • ✓ Uptime and service health monitored 24/7 via BetterStack. Status available at status page.
  • ✓ Structured logs with request IDs for full auditability — logs do not contain personal data or secrets.
  • ✓ In the event of a data breach, affected users are notified within 72 hours as required by GDPR Article 33.

Responsible disclosure

If you discover a security vulnerability in CommerceBase, please report it responsibly. Do not publicly disclose the issue until we have had a chance to investigate and address it.

Send your report to security@commercebase.io with a description of the issue, steps to reproduce, and potential impact. We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days.