Security Policy

Your data security is our top priority. Here's how we protect your information at every level.

Last updated: February 26, 2026

Encryption at Rest

All database credentials are encrypted using AES-256 encryption before being stored. Your connection details are never stored in plain text.

Encryption in Transit

All communications between your browser, our servers, and your database use TLS 1.3 encryption. No data is ever transmitted unencrypted.

No Data Storage

We never store your actual database records. Queries are executed in real time and results are streamed directly to your browser. Only dashboard configurations are stored.

Read-Only Access

VexiData only requires read-only access to your database. We cannot modify, delete, or insert data into your database under any circumstances.

Two-Factor Authentication

Protect your account with TOTP-based two-factor authentication. We support all standard authenticator apps.

Role-Based Access

Control who on your team can access which data sources and dashboards with granular role-based permissions.

EU Data Residency

All infrastructure and data processing are hosted within the European Union, ensuring compliance with GDPR and EU data protection regulations.

Continuous Monitoring

We employ 24/7 automated threat detection, intrusion monitoring, and anomaly detection to identify and respond to security events in real time.

Regular Audits

We conduct regular security audits, penetration testing, and vulnerability assessments to continuously improve our security posture.

Secure Development

Our development process follows security best practices, including code reviews, dependency scanning, and automated security testing in CI/CD.

AI Data Handling

When you use VexiData's AI features, we send only your database schema structure (table names, column names, and data types) to our AI providers. Your actual data records are never sent to any AI service. The AI generates SQL queries based on the schema, and those queries are executed directly against your database.

Incident Response

In the unlikely event of a security incident, we follow a structured response plan:

  • Immediate containment and investigation
  • Notification to affected users within 72 hours as required by GDPR
  • Full root cause analysis and remediation
  • Post-incident review and security improvements

Responsible Disclosure

If you discover a security vulnerability in VexiData, we encourage responsible disclosure. Please report security issues to [email protected] with the subject line "Security Vulnerability". We will acknowledge your report within 24 hours and work with you to address the issue.

Questions

For security-related questions or concerns, contact us at [email protected].