Security And Compliance

DBeeKeeper's storage provider, Microsoft Azure, meets rigorous privacy and compliance standards.

We use Azure's Storage Blobs service to securely store backups, which are encrypted at rest.

Compliance details can be found at Microsoft Azure compliance. In summary, the storage platform is ISO 27001, ISO 27017 and ISO 27018 compliant.

Access to all DBeeKeeper servers is secure.

Firewalls are set to default-deny. The only accessible services are web services (web servers only, over port 80, redirected to SSL on port 443) and the messaging service (TLS over TCP 5671).

In-depth information on our SSL implementation is available via this Qualys SSL Report on DBeeKeeper.

Access to servers (where allowed) is restricted by IP address and by employee.

DBeeKeeper servers and software are running the latest versions of software and security patches.

We strive to keep all server software on the latest version; however, when that's not possible, we ensure that the latest security patches are installed and up to date. This is reviewed monthly (patches are often installed as soon as they come out).

Written to protect against common attacks.

DBeeKeeper has been written using common libraries to protect against SQL injection, XSS vulnerabilities, and other common exploits. As part of our build process, we scan our application using static analysis against the OWASP Top 10, the SANS/CWE Top 25, and other common insecure coding patterns.

Your data is stored securely.

All of the stored backups are encrypted at rest. Additionally, access keys required to generate SAS (Shared Access Signature) tokens are rotated every 6 hours.

Your access to DBeeKeeper is secure.

All access to your dashboard is always over a secure (SSL encrypted) connection.

Development and QA environments do not use customer data.

We use generated (fake) customer data for these environments.

Nightly backups are stored offsite and encrypted at rest.

Deleted data is retained for up to 60 days.

Some data that users delete is soft deleted and can be recovered within 30 days (in case a user deletes something by mistake). After 30 days, that data is hard deleted and can only be recovered via full backup for another 30 days.