Security at Snaplet
At Snaplet, we take security seriously and are committed to protecting our customers' data and privacy - it's our very reason for being! This page provides an overview of our security program and the measures we have in place to safeguard customer data.
Overview
Snaplet is a database snapshot tool that can be used in a cloud-based configuration within the Snaplet cloud, or customers can choose to self-host the Snaplet worker in their own trusted environment.
The cloud tool connects to a customer's database via a connection string provided by the customer and securely copies their database into something called a snapshot. This snapshot can transform all customer data and is securely stored and encrypted in the Snaplet cloud environment. The customer can then restore this snapshot into their own development environment, essentially providing them with an anonymized, safe, and secure copy of their database to work against.
It's important to note that both the encryption of the snapshot and the transformation of customer data are optional, and controlled by the Snaplet customer.
The self-hosted version of Snaplet works similarly, but the customer self-hosts the snapshot capture workers in their own trusted environment. Snapshots are then stored in the customer's own trusted environment. As such, no part of the workflow touches the Snaplet cloud environment, and no customer data are stored in the Snaplet Cloud.
For both the cloud and self-hosted version of Snaplet, we may collect standard telemetry data related to customer usage and interactions with our platforms. We do so in the interest of continuous improvement and to better understand our users' needs. This type of data collection is a common practice in the industry and helps us optimize our services and provide customers with a better experience.
Snaplet recommends that customers who are especially sensitive to security concerns self-host Snaplet. Refer to our self-hosting guide for more information.
Customer Data
Snaplet Cloud stores connection strings to customer databases, which are securely stored and encrypted. Technically, any information present in the customer's source database may be stored in the Snaplet cloud product, depending on whether the customer has opted to transform this data during the snapshot capture process.
Snapshots captured by the customer can be encrypted as part of the capture process, and Snaplet encourages all customers to do so. Snapshots that have been encrypted can only be decrypted by the customer - Snaplet is not capable of decrypting customer snapshots.
Data Encryption and Storage
At Snaplet, we take data protection seriously and implement strong encryption measures to secure customer data both at rest and in transit. Our servers are hosted on Amazon Web Services (AWS), which provides a robust and reliable infrastructure that benefits from the comprehensive security and reliability features of the AWS platform.
Compliance
Snaplet is not currently compliant with the General Data Protection Regulation (GDPR). However, we recognize the importance of data privacy and are actively working towards achieving GDPR compliance. We are dedicated to ensuring the responsible handling of personal data and will continue to update our customers on our progress.
Authentication and Access Controls
Users are authenticated via a login system, and account administrators can control permissions on a per-user basis.
Monitoring and Detection
We use automated logging and monitoring to detect security incidents and suspicious activity.
Incident Response
We take security incidents seriously and have a dedicated incident response team to monitor, isolate, contain, eradicate, and recover from any potential security incidents. Our team also performs a post-incident review to identify and address root causes, lessons learned, and areas for improvement. We update our incident response plan and security policies and procedures as necessary to ensure the security and privacy of our customers' data.
Security Audits and Vulnerability Assessments
We prioritize the security of our customers' data and regularly perform security audits and vulnerability assessments to identify and address potential security risks. We take a proactive approach to security and update our security measures as necessary to ensure the ongoing protection of our customers' data.
Contact Information
At Snaplet, we prioritize the security of our systems and work to ensure that our clients' data is protected. However, as with any software product, there may be vulnerabilities that are not immediately apparent. If you identify a vulnerability, we encourage you to let us know so we can address it as quickly as possible. If you have any security concerns or incidents, please email us at security@snaplet.dev