Security
Last updated: June 1, 2026
Security is foundational to how we build DataBlue. The Services handle API keys, account data, and the requests our customers depend on, so we treat protecting that data as a core part of the product — not an afterthought. This page summarizes the measures we take.
1. Our Approach
We design with security and privacy by default: encrypt sensitive data, minimize what we collect and retain, limit who can access production, and monitor continuously. Security is a program, not a one-time project — we review and improve our controls on an ongoing basis as the platform and the threat landscape evolve.
2. How We Protect Data
A snapshot of the technical and organizational controls that protect your data:
Encryption in transit
All traffic to the API and website is encrypted with TLS. We enforce HTTPS everywhere and use modern cipher suites.
Encryption at rest
Sensitive data — including credentials and secrets — is encrypted at rest using industry-standard algorithms.
Hashed credentials
Passwords are never stored in plain text. We store only salted, one-way hashes, and API keys are scoped and revocable.
Least privilege
Access to production systems is restricted, logged, and granted on a need-to-know basis with strong authentication.
Monitoring & logging
We continuously monitor for anomalies, retain audit logs, and alert on suspicious activity across the platform.
Resilient infrastructure
Hosted on reputable cloud providers with redundancy, automated backups, and isolation between customer workloads.
3. Infrastructure & Network
DataBlue runs on reputable cloud infrastructure providers that maintain robust physical and environmental security and their own industry certifications. We use network segmentation, firewalls, and isolation between workloads, keep systems patched, and take automated, encrypted backups to support recovery. Production changes go through review and controlled deployment.
4. Data Protection
We collect and retain only what we need. API request and response payloads are kept for a short operational window for debugging, abuse prevention, and support, then deleted or anonymized. How we handle personal data is described in our Privacy Policy, and our processing of customer data on your behalf is governed by our Data Processing Agreement.
5. Access & Authentication
- Passwords are stored only as salted, one-way hashes — never in plain text.
- API keys use the `wh_` prefix, are scoped to your account, and can be revoked and rotated at any time from the dashboard.
- Access to production systems is limited to authorized personnel, protected by strong authentication, and logged.
- We follow least-privilege principles and review access periodically.
6. Compliance
DataBlue is GDPR-ready, and our SOC 2 Type II program is in progress, with status published publicly as we advance. We offer a Data Processing Agreement for customers who need one, and we support data subject and deletion requests as described in our Privacy Policy. We aim for a 99.9% uptime target, with live status available on our status page.
7. Responsible Disclosure
We welcome reports from security researchers. If you believe you've found a vulnerability, please email security@datablue.dev with enough detail to reproduce the issue, and give us a reasonable opportunity to investigate and remediate before any public disclosure. We ask that you avoid accessing or modifying other users' data, degrading the Services, or running automated scans that could cause harm. We're grateful to researchers who help keep DataBlue safe and will acknowledge good-faith reports.
8. Contact
For security questions or to report an issue, contact us at:
DataBlue — Security
Email: security@datablue.dev
Madurai, Tamil Nadu, India
This page describes our security practices for transparency and does not form part of any contract or warranty.

