Security & Trust Center
Security is not a feature we bolt on -- it is foundational to how DB Audit is designed, built, and operated. We protect your most sensitive database activity data with defense-in-depth architecture and transparent practices.
Security by design
Every layer of DB Audit is built with security as a first principle, not an afterthought.
Zero-Knowledge Architecture
Sensitive query values are masked and hashed before they ever leave your network. Our collectors strip parameters at the edge, so raw data never reaches our infrastructure.
Read-Only Access
DB Audit collectors connect to your databases with read-only credentials. We never modify schemas, insert records, or alter any data. Your databases remain untouched.
Encryption Everywhere
All data is encrypted with AES-256-GCM at rest and TLS 1.3 in transit. Encryption keys are managed per-tenant with automatic rotation.
Network Isolation
Deploy DB Audit within your VPC, private subnet, or fully air-gapped environment. No inbound network access required for cloud-connected deployments.
Designed to meet your standards
We are transparent about where we stand. DB Audit is aligned with major compliance frameworks and actively working toward formal certifications.
SOC 2
Status: Aligned. Designed to meet SOC 2 Type II trust service criteria for security, availability, and confidentiality.
ISO 27001
Status: Aligned. Built following the ISO 27001 control framework with documented information security management practices.
HIPAA
Status: Ready. Supports HIPAA audit and access control requirements. BAA available for enterprise customers.
GDPR
Status: Ready. Data processing agreements available. EU data residency supported for cloud deployments.
PCI DSS
Status: Ready. Supports PCI DSS monitoring and audit logging requirements for cardholder data environments.
FedRAMP
Status: Roadmap. Planned for future certification. Architecture designed with FedRAMP controls in mind.
Need a specific framework or certification? Contact us to discuss your requirements.
Zero Telemetry Guarantee
For on-premise and air-gapped deployments, DB Audit makes zero outbound connections. No telemetry, no license phone-home, no DNS lookups. Your data never leaves your network.
This is not a configuration toggle -- it is an architectural guarantee. Air-gapped deployments have no code paths that attempt external communication. We publish network diagrams and firewall rules so you can verify this independently.
Air-Gapped Deployment Guide
Your data, your control
We are deliberate about what we collect, how we store it, and when we delete it.
What We Collect
DB Audit captures query metadata, execution plans, user sessions, and access patterns. We do not store actual database record contents or query result sets.
Data Masking
Sensitive values in SQL queries are automatically masked at the collector level using configurable rules. PII, credentials, and sensitive parameters are hashed before storage.
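As an illustration of the collector-side masking described here and under Zero-Knowledge Architecture above, the following Python is an added example, not DB Audit's own collector code. It assumes a per-tenant HMAC key (a constructed placeholder here), a small rule set, and a simplified literal grammar (single-quoted strings and bare numbers); a real collector would use a proper SQL tokenizer and load the key from a KMS.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Constructed per-tenant key for this example only; a real collector loads it from a KMS.
TENANT_KEY = b"example-tenant-key-not-a-real-secret"

# Single-quoted string literals (with '' escapes) or bare numeric literals.
LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


@dataclass(frozen=True)
class MaskRules:
    """Collector-side masking rules (constructed for this example)."""
    mask_strings: bool = True
    mask_numbers: bool = True
    # Literals that are operationally harmless and may stay readable, e.g. LIMIT values.
    passthrough: frozenset = field(default_factory=frozenset)


def hash_literal(value: str, key: bytes = TENANT_KEY) -> str:
    """Keyed hash: equal values map to equal tokens within one tenant, so access
    patterns can still be correlated, but a token cannot be reversed or brute-forced
    from a dictionary of likely values without the tenant key."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"<h:{digest[:16]}>"


def mask_query(sql: str, rules: MaskRules = MaskRules(), key: bytes = TENANT_KEY) -> str:
    """Replace literals in a SQL statement before it leaves the collector."""
    def replace(match: re.Match) -> str:
        literal = match.group(0)
        if literal in rules.passthrough:
            return literal
        is_string = literal.startswith("'")
        if (is_string and not rules.mask_strings) or (not is_string and not rules.mask_numbers):
            return literal
        return hash_literal(literal, key)
    return LITERAL_RE.sub(replace, sql)


if __name__ == "__main__":
    raw = "SELECT id FROM users WHERE email = 'alice@example.com' AND ssn = '123-45-6789' LIMIT 10"
    print(mask_query(raw, MaskRules(passthrough=frozenset({"10"}))))
```

Only the hashed tokens and the query shape leave the collector; the raw literals exist only inside your network, which is the property the Zero-Knowledge Architecture claim above depends on.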
Retention Policies
You control how long audit data is retained. Configure per-database or per-policy retention windows. Data is automatically purged when retention expires.
Data Deletion
Request complete deletion of your data at any time. We provide written confirmation of deletion and can supply audit evidence of the process.
Supply chain transparency
We are building toward full supply chain transparency so you can verify what runs in your environment.
SBOM (CycloneDX)
Status: Coming Soon. Software Bill of Materials published for every release in CycloneDX format.
Container Image Signing
Status: Coming Soon. All container images signed with cosign for verifiable provenance.
CVE Scan Results
Status: Coming Soon. Vulnerability scan results published and available per release.
Pinned Container Images
Status: Available. All container images are versioned, tagged, and pinned to specific digests. No mutable tags in production.
Responsible Disclosure
If you discover a security vulnerability in DB Audit, we want to hear about it. Please report it responsibly so we can address it quickly.
Penetration Testing
We are committed to regular third-party penetration testing of our infrastructure and application. Testing is performed by independent security firms with no prior relationship to our engineering team.
Penetration test reports and remediation summaries are available under NDA for enterprise customers evaluating DB Audit.
Have security questions?
Our security team is available to discuss your requirements, share documentation, and support your vendor review process.