As a SaaS service that you trust your data with, we understand the immense responsibility we have to safeguard your data. So we've put in place industry-leading security and operational measures to keep your data safe when it resides on Typesense Cloud.
We've drawn from our diverse and extensive experience of running secure infrastructure at scale in high-compliance environments for over a decade at leading technology companies, to bake good security and operational principles into the foundations of Typesense Cloud. We also undergo annual audits performed by independent external auditors to certify our security practices.
Here are some key highlights of our security practices:
Typesense Cloud is a hosted datastore that you push your data into using the API endpoints we give you. We then index your data in our in-memory datastore that is optimized for fast search results.
You'd then send queries to us via our API, we fetch the best matching results in a performant way, and return the query results to your application.
Read more about Typesense's Use Cases.
Every Typesense Cloud cluster you create is completely isolated from other users' clusters at the virtualization / container layer and is fully dedicated to you. So there is no commingling of data and this significantly reduces the blast radius for any potential risks, as they are contained to individual clusters.
The Typesense Cloud Dashboard runs on a separate isolated network and only interacts with customer clusters via tightly controlled service API calls for provisioning, monitoring and deprovisioning.
Clusters only have port 443 open to the public internet to respond to API requests over HTTPS. All data exchanged between your systems and your Typesense Cloud cluster is encrypted in transit using industry-standard, current encryption protocols for HTTPS.
We use full disk encryption across our entire infrastructure, so data is encrypted at rest as well.
We offer three forms of authentication:
For email/password based authentication, we require email confirmation within 24 hours of signing up. We enforce account lockouts after a certain number of invalid login attempts. You can turn on 2FA from your account page once you sign up.
You can also sign up / log in with your GitHub account to authenticate into the Typesense Cloud dashboard. Setting up multi-factor authentication on your GitHub account will then also enable MFA when you log in with GitHub into Typesense Cloud.
We do not charge extra for SAML-based SSO login, but we still require a valid payment method to be on file for your team account for security and verification purposes.
When you sign up with an email/password, you can create a team account and invite members by their email address. They'll be sent an invitation email with a special one-time (auto-expiring) link to join your team. Clusters you create under your team account will be accessible to members of your team.
When you sign up with GitHub auth, we sync GitHub organization membership information to create equivalent teams in Typesense. By default, all members of a GitHub organization have access to clusters created under that equivalent team in Typesense Cloud. You can restrict this access to a particular GitHub team by adding this team name on your Typesense Cloud account page.
You can assign roles to each user in your team to control the level of access they have on the Typesense Cloud dashboard. Read more here.
Access to the data you store in your Typesense Cloud cluster is controlled via API keys you can generate via the Typesense Cloud dashboard or via the API. Please ensure that you safeguard your API keys and rotate them regularly. Also ensure that you have the right permissions set for each key you generate, especially ones you use in your frontend applications for search-only purposes. You can also scope API keys so that they can only access a subset of fields or subset of records for multi-tenant or role-based access.
Administrator access to our production network is tightly controlled via VPN and jump boxes.
We require the use of multi-factor authentication across all services we use.
We do not access any customer data as a strict matter of policy, unless you've given us explicit written approval to do so for debugging any issues.
As a privacy best practice, your Typesense Cloud cluster does not set any cookies. As of v0.23 of Typesense Server, we track IP addresses for debugging and rate limiting purposes. We only store these collected IP addresses for a period of 7 days.
You control the lifecycle of the data you send us via our API. You can delete any data you've sent us at any time.
Once a cluster is terminated, all data associated with it is deleted irrecoverably.
When provisioning your cluster, we offer you the choice to pick which geographic region(s) you want your cluster to be in. Data you send into the cluster will not leave the region you've chosen.
We offer the following regions:
All logs are centrally collected and monitored for any anomalies.
We have automated monitoring in place that calls our 24x7 on-call personnel should any critical issues arise with the infrastructure.
We monitor your cluster capacity and notify you via email if your memory or CPU usage exceeds recommended thresholds. Based on your approval, we can then do an in-place upgrade of your cluster to accommodate your increased traffic / data. Alternatively, you can opt in to Automatic Capacity Upgrades and we will automatically upgrade your cluster's capacity if it exceeds recommended thresholds in a 12-hour rolling window.
We operate our services in multiple regions around the world, and also multiple physical data centers in every region.
When you provision a cluster and choose to turn on the High Availability configuration, we will spin up nodes in at least 3 different physical data centers and automatically replicate data between them. This ensures that hardware issues with any one node in a particular data center do not affect your cluster's uptime.
We use compute services from other Cloud Infrastructure Providers and so do not have any physical servers we run or manage directly. Physical security and redundancy for these data centers are handled by our Cloud Providers.
We use Linux-based operating systems in our infrastructure and apply patches to them on a regular basis.
We have extensive automated test suites that run on every build. These also include static analysis for any potential security issues.
We do annual pen tests and vulnerability assessments, and remediate any findings shortly after.
We are PCI compliant and do not store any payment card information in our systems. We use an industry-leading payment processor, Stripe, which holds your card information. Card details you enter on our site go directly from your browser to Stripe and do not touch our systems.
In the event of any outages or infrastructure issues, we post updates on our public status page available at https://cloud-status.typesense.org/. You can also subscribe to receive updates from our status page.
You can also set up a "Cluster Alerts" email address on your account page, to which we will send notifications about issues concerning just your cluster. Please be sure to add our domain name to your address book, to ensure delivery of these critical emails to your inbox.
We are SOC 2 (Type 2) certified, and evaluated by an independent AICPA certified external auditor. We share our SOC 2 report with customers who purchase the Business or Enterprise Tier support plan for at least a year.
We are also HIPAA compliant and certified by an independent auditor. We are able to sign our standard Business Associate Agreement (BAA) with any Covered Entities or other Business Associates that are required to safeguard PHI. We require eligible customers to purchase the Business or Enterprise Tier support plan for at least a year.
Here is our Data Processing Agreement which also has a link to our sub-processors.
If you find any security issues or have any additional questions on this topic, please email us at security@typesense.org.