Security Portal
At AskYourDatabase, we offer two main products: the Desktop App and the Chatbot. Both are designed with strong security measures to protect your sensitive data. Here's how each product operates and handles your information:
Desktop App: Local Processing for Maximum Security
Our Desktop App is designed to keep your data as close to you as possible:
-
Local Database Connection: Your database credentials are stored locally on your computer. The connection to your database is established directly from your local machine.
-
OpenAI API Interaction: When you ask a question, it's sent to OpenAI's API through our secure gateway. OpenAI generates SQL queries or natural language responses.
-
Local Query Execution: If a SQL query is generated, it's executed locally on your machine against your database.
-
Minimal Data Transfer: Only the necessary response data is sent back to OpenAI for further analysis and explanation.
-
No Data Storage: Our gateway does not store any intermediate data, especially your conversation information.
-
OpenAI's Privacy Commitment: OpenAI has committed not to use API Platform conversation data for model training. For more details, visit OpenAI's Enterprise Privacy page (opens in a new tab).
In essence, with the Desktop App, your database credentials never leave your local environment, and only the conversation data is sent to OpenAI's API.
Chatbot: Cloud-Based Solution with Robust Security Measures
Our Chatbot product operates in the cloud, requiring a different set of security measures:
-
Secure Credential Handling: You provide us with your database credentials, which we encrypt using a private key. We never store these credentials in plain text.
-
Whitelisted Access: You need to whitelist our fixed IP Gateway service in your database firewall.
-
TLS Encryption: All connections between our service and your database occur over TLS, ensuring data in transit is secure.
-
Access Control Recommendations: We highly recommend whitelisting only our IP and using a read-only user if only SELECT queries are needed.
-
Query Sanitization: We sanitize AI-generated SQL queries to prevent potential security issues.
-
Customizable Access: You can disable access to specific tables and implement row-level policies to restrict user-level permissions.
-
Data Storage: Due to the nature of the Chatbot, we do store conversation records and your encrypted credentials.
-
Enterprise Solutions: We offer enterprise-grade private deployment solutions for organizations with stricter data locality requirements.
-
Data Deletion Rights: You have the right to request deletion of all your data stored on our platform.
Data Collection Summary
Desktop App
- Collects: User queries
- Does not collect: Database credentials, query results
Chatbot
- Collects: User queries, conversation history, encrypted database credentials
- Does not collect: Plain text database credentials, full query results
Both products are designed with your data security in mind, offering different levels of control and protection based on your specific needs and requirements.
For more information on how to get started with AskYourDatabase, please refer to our Getting Started guide.
Commitment to Security and Compliance
At AskYourDatabase, we are committed to maintaining the highest standards of security and compliance to protect your data. We are pleased to announce that we have initiated the SOC 2 Type 2 audit process, demonstrating our dedication to robust security practices and data protection.
SOC 2 Type 2 Audit
We have begun the rigorous process of obtaining SOC 2 Type 2 compliance certification. This comprehensive audit examines our security controls, processes, and procedures over an extended period, typically 6-12 months. The SOC 2 Type 2 report will provide detailed information about how we manage customer data, focusing on the security, availability, processing integrity, confidentiality, and privacy of our systems.
We anticipate receiving our first complete SOC 2 Type 2 compliance report in January 2025. This timeline allows for a thorough examination of our systems and practices, ensuring that we meet the stringent requirements set forth by the American Institute of Certified Public Accountants (AICPA).
By pursuing SOC 2 Type 2 compliance, we aim to:
- Validate our existing security measures
- Identify and address any potential vulnerabilities
- Provide our customers with additional assurance regarding our data protection practices
- Demonstrate our ongoing commitment to maintaining a secure and compliant environment
We look forward to sharing more details about our SOC 2 Type 2 compliance journey as we progress through the audit process. This certification will be a significant milestone in our continuous efforts to ensure the security and privacy of your data.