Your Sequin database will contain the data mapped to your sync - which may include PII and sensitive information. We take the security of that data seriously.
Please read about our full security practices. Here is a short synopsis of how we keep your data secure:
- Authentication to your sources, both tokens and API keys, are encrypted at rest.
- The Sequin application database is only accessible through a bastion host.
- We only access customer databases by request or to diagnose a sync issue. All access is logged for auditing.
- Sequin workers first backfill your database with all data from your source. During this backfill, Sequin will receive events as they happen to keep your data in-sync.
- Data flows directly from the source, through Sequin workers, to your database. We don't cache or store data anywhere else.
- We use Sentry and Datadog for error monitoring. Sometimes errors Datadog catches will contain API response data. But these are minimized and our logs in Datadog have a shelf-life of 30 days.
- If you use a Sequin hosted demo database, you are provisioned private database and a database user for you on a shared RDS instance. While Sequin shared instances are secure, we can also sync to a database you own for greater peace of mind.