How safe is my data in Xata?
Hello everyone! I am Indrajit, and I am a software developer by day. I love exploring and experimenting with upcoming, new technologies. I found Xata to be very interesting and easy to use. I had one very important question bugging my mind though - How safe is my data in Xata? I mean, if I were to store some important, slightly confidential (say DOB and address of users maybe) data in Xata, can I be sure that my data will remain safe and nobody but only me and people whom I provide access to will be able to access them? Would love to hear your answers and thoughts on this.
2 Replies
Hello! You can find our data safety statement here: https://xata.io/docs/concepts/how-it-works#data-safety. In summary, your data is safe and secure with Xata as we keep it encrypted both during network transit (with SSL) and at rest using storage encryption by our infrastructure provider, and the same applies to all backups, logs and traces. Xata still owns the encryption keys but we have procedures in place to ensure safe access - noone on our end or on our infrastructure provider's side would read your data in store without your consent. We are planning to pursue relevant certifications soon.
As an extra step, you could additionally hash sensitive data before storing to Xata as explained in this docs example: https://xata.io/docs/tutorials/nextjs-basic-auth#creating-and-authenticating-new-user with an additional tool such as bcrypt. This would allow you to use an additional encryption key that only you know of, so noone else can decrypt the sensitive data without this key. It's a good practice for content such as passwords, as it also secures data from plain sight - i.e. while viewing the content in the table view in our Web UI the sensitive values would be hashed.
We are considering a feature request logged on our feedback boards, to provide built-in cryptographic & hashing functions for columns with sensitive data: https://feedback.xata.io/feature-requests/p/cryptographic-functions Feel free to add comments or upvote!
That is truly amazing! Thanks for the prompt reply @kostas!:emojisky: