Data Privacy and Access at Hasura
We take privacy and security very seriously at Hasura and take all measures to protect your data. This document outlines the measures we take to ensure that your data is secure and private.
On Hasura Cloud, environment variables are stored in a Hashicorp Vault instance as secrets which are not directly accessible to Hasura staff. It is strongly recommended to keep all secrets in environment variables rather than string literals which will be accessible in your Hasura Metadata.
Hasura's architecture necessitates connecting to your databases in order to serve queries to your applications and end users. While your data passes through Hasura's systems, it remains exclusively in-memory, solely for query processing purposes. No data persistence occurs within Hasura's systems. The only exception is when caching is enabled for a query; in this case, query responses are cached within in-memory Redis instances, subject to a specified TTL (refer to caching documentation).
At Hasura, we take comprehensive measures to ensure the protection of your Metadata. Our practices are focused on keeping sensitive information, such as schema definitions, access control rules, and relationships, secure from unauthorized access and tampering. To achieve this, we employ strong encryption techniques for Metadata storage, both at rest and during transmission.
Our logging practices are designed to maintain the highest level of security and data privacy. As part of our commitment, we do not log query responses in any system logs, preventing unauthorized access or data leakage.
Additionally, to further safeguard your information, we do not log passwords.
SOC Type 2 Compliance
We are SOC Type 2 compliant. This means that we have undergone a rigorous audit by a third party to ensure that we have the appropriate controls in place to protect your data. You can read more about our SOC Type 2 compliance here.
GDPR and HIPAA Compliance