Bridge handles sensitive data connections and credentials. Security is not an afterthought — it is built into every layer of the product.
All database credentials (host, port, username, password) and OAuth tokens stored in Bridge are encrypted using AES-256-GCM with a unique initialisation vector per record. Encryption keys are stored separately from the encrypted data and are not accessible to application-layer code without an explicit key lookup.
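The per-record scheme described above can be sketched in Node.js as follows. This is an added example, not Bridge's own code: `keyStore`, `lookupKey`, `encryptRecord` and `decryptRecord` are hypothetical names, the in-memory key store is a constructed stand-in, and binding each ciphertext to a workspace/record context as additional authenticated data is an assumption that goes beyond what the page states.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-in for a key store kept apart from the encrypted rows.
const keyStore = new Map([['k1', nodeCrypto.randomBytes(32)]]);

// Explicit key lookup: callers only obtain a key by asking for it by id.
function lookupKey(keyId) {
  const key = keyStore.get(keyId);
  if (!key || key.length !== 32) throw new Error('unknown or invalid key id');
  return key;
}

// Encrypt one credential record. `context` (assumed here to be a
// workspace/record identifier) is authenticated but not encrypted, so a
// ciphertext copied into another row fails to decrypt.
function encryptRecord(keyId, plaintext, context) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit IV for every record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', lookupKey(keyId), iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    keyId,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt a stored row. final() throws if the ciphertext, IV, tag or
// context has been altered, so tampering is never returned as plaintext.
function decryptRecord(row, context) {
  const tag = Buffer.from(row.tag, 'base64');
  if (tag.length !== 16) throw new Error('bad tag length'); // reject truncated tags
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', lookupKey(row.keyId), Buffer.from(row.iv, 'base64'));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([
    decipher.update(Buffer.from(row.ct, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}
```

Only the key id is stored beside the ciphertext, so a dump of the encrypted rows alone does not reveal the credentials.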
OAuth access and refresh tokens for Google and HubSpot integrations are stored encrypted. Access tokens are refreshed automatically before expiry. We request the minimum OAuth scopes required for each integration and never request write access beyond what is necessary.
Application secrets (encryption keys, database credentials, API keys) are stored as environment variables and never committed to source control. Production environment variables are managed separately from development environments.
When a job runs, Bridge fetches data from your source, transforms it, and writes it to your destination. Source data is held in memory only for the duration of the job execution. We do not persist the contents of your synced records to our database.
All significant actions — connection creation and edits, job creation, manual runs, and user authentication — are logged with a timestamp and the acting user's identity. Audit logs are available to workspace administrators in the Admin Console.
Each workspace's data is logically isolated. Jobs, connections, and run logs are scoped to the workspace and inaccessible to other workspaces. Database-level row filtering enforces this separation.
Bridge is hosted on cloud infrastructure (currently AWS). The application runs in a Docker container with a restricted network surface. Inbound access is limited to HTTPS (port 443) via a reverse proxy. Direct access to the database from outside the server network is blocked.
The database listens only on the internal Docker network interface and is not exposed to the public internet. Application traffic is proxied through nginx with TLS termination. HTTP traffic is automatically redirected to HTTPS.
We keep application dependencies up to date and monitor for known vulnerabilities. Base Docker images are rebuilt periodically to incorporate operating system security patches.
Users authenticate with their email address. Sessions are managed with short-lived tokens stored in the browser. Passwords are never stored — authentication is handled via secure token exchange.
Bridge supports workspace-level access control. Workspace owners can invite members and control who has access to connections, jobs, and admin features. Each user's access is validated on every API request.
In the event of a security incident affecting your data, we will notify affected customers within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. We will provide details of what happened, what data was affected, and what steps we have taken.
If you discover a security vulnerability in Bridge, please report it to us at security@datalaxe.com. We ask that you give us reasonable time to investigate and address the issue before public disclosure. We do not take legal action against researchers who report vulnerabilities in good faith.
Have a security question or concern?
security@datalaxe.com