As a SaaS service that you trust your data with, we understand the immense responsibility we have to safeguard your data. So we’ve put in place industry-leading security and operational measures to keep your data safe when it resides on Typesense Cloud.
We’ve drawn from our diverse and extensive experience of running secure infrastructure at scale in high-compliance environments for over a decade at other leading technology companies, to bake good security and operational principles into the foundations of Typesense Cloud. We also undergo annual audits performed by independent external auditors to certify our security practices.
Here are some key highlights of our security practices:
Every cluster you create is completely isolated from other users’ clusters at the firewall level and is dedicated to you. So there is no commingling of data and this significantly reduces the blast radius for any potential risks or issues, as they are contained to individual clusters.
The Typesense Cloud Dashboard runs on a separate isolated network and only interacts with customer clusters via tightly controlled service API calls for provisioning, monitoring and deprovisioning.
Clusters only have port 443 open to the public internet to respond to API requests over HTTPS. All data exchanged between your systems and your Typesense Cloud cluster is encrypted in transit using industry standard and current encryption protocols for HTTPS.
We use full disk encryption across our entire infrastructure, so data is encrypted at rest as well.
We rely on GitHub for authenticating into the Typesense Cloud dashboard. Setting up multi-factor authentication on your GitHub account will also enable MFA when you log in with GitHub to Typesense Cloud.
We sync GitHub organization membership information to create equivalent teams in Typesense. By default, all members of a GitHub organization have access to clusters created under that equivalent team in Typesense Cloud. You can restrict this access to a particular GitHub team by adding this team name on your Typesense Cloud account page.
Access to the data you store in your Typesense Cloud cluster is controlled via API keys you can generate via the Typesense Cloud dashboard or via the API. Please ensure that you safeguard your API keys and rotate them regularly. Also ensure that you have the right permissions set for each key you generate, especially ones you use in your frontend applications for search-only purposes. You can also scope API keys so that they can only access a subset of fields or subset of records for multi-tenant or role-based access.
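The following added example (not Typesense's own code) audits key definitions meant for frontend use and derives a scoped search key that pins a tenant filter. The key-definition fields, the `documents:search` action and the HMAC-based derivation reflect our understanding of Typesense's API key scheme and are assumptions here; the key strings, collection names and the 90-day rotation window are constructed.

```python
import base64, hashlib, hmac, json

SEARCH_ONLY = {"documents:search"}  # assumed action name for search-only keys

def audit_frontend_key(key_def, now, max_age_days=90):
    """Return findings for a key definition intended for browser use."""
    findings = []
    extra = set(key_def.get("actions", [])) - SEARCH_ONLY
    if extra:
        findings.append("non-search actions: " + ", ".join(sorted(extra)))
    if "*" in key_def.get("collections", []):
        findings.append("wildcard collection access")
    expires = key_def.get("expires_at")
    # A key with no expiry, or one that outlives the rotation window, never gets rotated.
    if expires is None or expires - now > max_age_days * 86400:
        findings.append("no expiry within rotation window")
    return findings

def scoped_search_key(parent_key, params):
    """Derive a scoped key offline: the embedded params (e.g. a tenant
    filter) are authenticated with HMAC-SHA256 keyed by the parent key."""
    params_json = json.dumps(params)
    mac = hmac.new(parent_key.encode(), params_json.encode(), hashlib.sha256)
    digest = base64.b64encode(mac.digest()).decode()
    raw = digest + parent_key[:4] + params_json
    return base64.b64encode(raw.encode()).decode()

def embedded_params(scoped_key):
    """Decode the params carried inside a scoped key (for review, not auth)."""
    raw = base64.b64decode(scoped_key).decode()
    # 44 chars of base64 digest + 4-char parent key prefix precede the JSON.
    return json.loads(raw[48:])

# Constructed sample data.
NOW = 1_700_000_000
ADMIN_LIKE = {"actions": ["*"], "collections": ["*"]}
FRONTEND = {"actions": ["documents:search"], "collections": ["products"],
            "expires_at": NOW + 30 * 86400}
TENANT_PARAMS = {"filter_by": "tenant_id:=42", "expires_at": NOW + 3600}

if __name__ == "__main__":
    print(audit_frontend_key(ADMIN_LIKE, NOW))
    print(audit_frontend_key(FRONTEND, NOW))
    print(embedded_params(scoped_search_key("constructed-search-key", TENANT_PARAMS)))
```

The embedded parameters are only base64-encoded, not encrypted, so a scoped key should never carry anything the end user must not see.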
Administrator access to our production network is tightly controlled via VPN and jump boxes.
We require the use of multi-factor authentication across all services we use.
We do not access any customer data as a strict matter of policy, unless you’ve given us explicit written approval to do so for debugging any issues.
Once a cluster is terminated, all data associated with it is deleted irrecoverably.
As a privacy best practice, your Typesense Cloud cluster does not set any cookies. As of v0.23 of Typesense Server, we track IP addresses for debugging and rate limiting purposes. We only store these collected IP addresses for a period of 7 days.
If you have strict Data Residency requirements, you can pick a particular region / country when provisioning your Typesense Cloud cluster and your data will not leave that region / country.
All logs are centrally collected and monitored for any anomalies.
We have automated monitoring in place that calls our 24x7 on-call personnel should any critical issues arise with the infrastructure.
We monitor your cluster capacity and notify you via email if your memory or CPU usage exceeds recommended thresholds. Based on your approval, we can then do an in-place upgrade of your cluster to accommodate your increased traffic / data. Alternatively, you can opt-in to Automatic Capacity Upgrades and we will automatically upgrade your cluster's capacity if it exceeds recommended thresholds in a 12-hour rolling window.
We operate our services in multiple regions around the world, and also multiple physical data centers in every region.
When you provision a cluster and choose to turn on the High Availability configuration, we will spin up nodes in at least 3 different physical data centers and automatically replicate data between them. This ensures that hardware issues with any one particular node in a particular data center do not affect your clusters' uptime.
We use compute services from other Cloud Providers and so do not have any physical servers we run or manage directly. Physical security and redundancy for these data centers are handled by our Cloud Providers.
We use Linux-based operating systems in our infrastructure and apply patches to them on a regular basis.
We have extensive automated test suites that run on every build. These also include static analysis for any potential security issues.
We do annual pen tests and vulnerability assessments, and remediate any findings shortly after.
We are PCI compliant and do not store any payment card information in our systems. We use an industry-leading payment processor, Stripe, and they hold your card information. Card details you enter on our site go directly from your browser to Stripe and do not touch our systems.
In the event of any outages or infrastructure issues, we post updates on our public status page available at https://cloud-status.typesense.org/. You can also subscribe to receive updates from our status page.
We are SOC 2 (Type 2) certified, and evaluated by an independent AICPA certified external auditor. We share our SOC 2 report with customers who purchase the Business Tier support plan or above.
If you find any security issues, please email us at email@example.com.