Security at DataCrew

Your data is the backbone of your business. We take its protection seriously with industry-standard encryption, strict access controls, and continuous monitoring.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted via TLS 1.2+ (HTTPS). We enforce HTTPS on all endpoints with no plain-HTTP fallback.

Encryption at Rest

Sensitive credentials — OAuth tokens, database passwords — are encrypted at rest using AES-256 symmetric encryption (Fernet) with keys derived via PBKDF2.

Authentication & Access Control

User authentication is managed by Supabase with bcrypt password hashing and JWT tokens. Role-based access control ensures users can only access their own data.

No Data Selling

We never sell your data. Your uploaded files and connected data sources are used solely to provide you with analytics, dashboards, and reports.

Infrastructure Security

Our production environment runs on isolated Docker containers with network segmentation. Redis is password-protected. Database access is restricted to internal services only.

Rate Limiting & Abuse Prevention

API rate limiting protects against brute-force attacks and abuse. SQL injection is prevented through query validation and parameterized queries.

Data Retention

Your data is retained as long as your account is active. You can delete datasets or your entire account at any time. Upon account deletion, all associated data is permanently removed within 30 days. Orphaned files are automatically cleaned up within 7 days.

Third-Party Integrations

When you connect Xero, Shopify, or a SQL database, we use OAuth 2.0 for secure authorization. Access tokens are encrypted at rest and can be revoked at any time by disconnecting the integration. We request only the minimum scopes necessary to import your data.

AI Data Handling

When AI analysis is performed, only data samples and statistical metadata are sent to the AI model. We do not send raw personally identifiable information (PII) unless it is part of your dataset columns. AI results are stored in association with your account and are not shared with other users.

Responsible Disclosure

If you discover a security vulnerability in DataCrew, please report it responsibly to support@yourdatacrew.com. We will investigate promptly and keep you informed of our response.