Security

Enterprise-Grade Security

Your data protected at every layer.

AES-256 Encryption · SOC 2 Infrastructure · GDPR Compliant

01 Data Protection

Encryption at Rest

OAuth tokens encrypted with AES-256-CBC
Unique initialization vector (IV) for every encrypted value
Database connections use encrypted channels
API tokens also stored encrypted at rest

Encryption in Transit

All API calls secured with HTTPS/TLS 1.3
WebSocket connections use WSS (secure WebSocket)
No unencrypted data transmission

Access Controls

Role-based access control: Owner, Admin, and Member roles
Session authentication: JWT Bearer tokens with 30-day expiry
API rate limiting: 100 requests/minute per workspace
Workspace isolation: Data segregated by workspace ID
02 Infrastructure Security

Hosting & Infrastructure

Firebase (Google Cloud): SOC 2 Type II certified hosting
PostgreSQL: Managed database with automated backups
Daily snapshots: 7-day backup retention
DDoS protection: Built-in infrastructure-level protection

Monitoring & Reliability

Real-time error tracking and alerting
24/7 uptime monitoring
Automated health checks
Target uptime: 99.5% (99.9% SLA available for Enterprise upon request)
03 Application Security

Input validation: All API endpoints validate request schemas
SQL injection protection: Parameterized queries only, no string concatenation
CSRF protection: State validation in OAuth flows
Webhook security: HMAC-SHA256 signature validation with timing-safe comparison
Dependency management: Automated security updates via Dependabot
Error handling: Sensitive data never exposed in error messages or logs
04 Third-Party Security

All third-party integrations are vetted for security before they are added:

OAuth 2.0 + PKCE: Industry-standard authorization flows
Minimal scope requests: Only request necessary permissions (principle of least privilege)
Token protection: Tokens never logged, stored encrypted, never exposed in URLs
Subprocessor compliance: All third parties maintain SOC 2 Type II or equivalent

See our complete list of subprocessors for full transparency.

05 Incident Response

Breach Notification

In the event of a data breach, we will notify affected customers within 24 hours of becoming aware of the incident.

Post-Incident Reports

Detailed incident reports published within 7 days, including root cause analysis and remediation steps.

Emergency Contact

Report security vulnerabilities or incidents to hello@redshifthub.com

06 Compliance

GDPR (General Data Protection Regulation)

Fully compliant with EU data protection requirements. Users have rights to access, rectification, erasure, and data portability. See our Privacy Policy for details.

CCPA (California Consumer Privacy Act)

Compliant with California privacy requirements. California residents have additional rights regarding their personal information.

EU-US Data Privacy Framework

Firebase (Google Cloud) participates in the EU-US Data Privacy Framework, ensuring lawful international data transfers.

Data Processing Agreement

Enterprise customers can execute our Data Processing Agreement (DPA) for GDPR compliance.

Questions from Your Security Team?

We're here to help with security questionnaires, documentation requests, and compliance inquiries.

Contact Security Team
Last updated: February 27, 2026