Security Policy

Last Updated: 09-01-2024

At Sequel, the security of our users' data is our top priority. This document outlines the security measures and protocols we implement to protect your information, with a particular focus on the encryption of database credentials.

1. Overview of Security Practices

We take a multi-layered approach to security, ensuring that your data is protected at every stage of its interaction with our platform. Our security practices include:

  • Data Encryption
  • Access Controls
  • Monitoring and Auditing
  • Incident Response
  • Compliance

2. Data Encryption

a. Encryption of Database Credentials

One of the most critical aspects of our security framework is the encryption of your database credentials. We understand the sensitivity of this information and take the following measures to protect it:

  • Encryption at Rest: All database credentials you provide are encrypted with AES-256, a widely adopted symmetric encryption standard, before being stored in our database. Because the encryption keys are held separately (see Key Management below), a compromise of the credential store alone would not expose your credentials.

  • Encryption in Transit: When you transmit your database credentials to Sequel, we use TLS (Transport Layer Security) to encrypt the data during transmission. This prevents any unauthorized third parties from intercepting or tampering with your credentials as they are sent to our servers.

  • Key Management: Encryption keys used to encrypt and decrypt your database credentials are stored separately and securely. We use a key management system (KMS) that provides an additional layer of security by rotating keys regularly and restricting access to them.
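
To make the at-rest scheme above concrete, here is an added example (not Sequel's own code) of how credentials can be encrypted with AES-256-GCM under keys that live in a separate key store, with each stored record carrying the id of the key that encrypted it so that keys can be rotated without breaking existing records. The Keyring type, the key ids key-v1 and key-v2, the record ids and the sample connection string are all assumptions constructed for illustration; a managed KMS would hold the key material and perform the encryption or key wrapping itself rather than exposing raw key bytes to the application.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Added example, not Sequel's code. Credentials are encrypted at rest with AES-256-GCM
// under a key held in a separate key store, and every stored record carries the id of
// the key that encrypted it so keys can be rotated without breaking existing records.
// Keyring is a stand-in (assumption) for a KMS; a real one never releases raw key bytes.

// Keyring holds one AEAD per key id. Retired keys stay readable so old records still open.
type Keyring struct {
	keys    map[string]cipher.AEAD
	current string // id used for all new encryptions
}

func NewKeyring() *Keyring { return &Keyring{keys: map[string]cipher.AEAD{}} }

// Rotate generates a fresh 256-bit key under id and makes it current.
func (r *Keyring) Rotate(id string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	r.keys[id], r.current = aead, id
	return nil
}

// Record is what the credential store holds instead of the plaintext.
type Record struct {
	KeyID      string // which key encrypted Ciphertext
	Ciphertext []byte // nonce || AES-256-GCM ciphertext || tag
}

// Encrypt seals credential under the current key. recordID is bound as associated data,
// so a ciphertext copied from one record onto another fails to open there.
func (r *Keyring) Encrypt(recordID string, credential []byte) (*Record, error) {
	aead, ok := r.keys[r.current]
	if !ok {
		return nil, errors.New("keyring has no current key")
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nonce, nonce, credential, []byte(recordID))
	return &Record{KeyID: r.current, Ciphertext: ct}, nil
}

// Decrypt opens with whichever key the record names, so reads keep working across rotations;
// any modification of nonce, ciphertext, tag or record id fails authentication.
func (r *Keyring) Decrypt(recordID string, rec *Record) ([]byte, error) {
	aead, ok := r.keys[rec.KeyID]
	if !ok {
		return nil, errors.New("unknown key id: " + rec.KeyID)
	}
	n := aead.NonceSize()
	if len(rec.Ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, rec.Ciphertext[:n], rec.Ciphertext[n:], []byte(recordID))
}

// Rewrap re-encrypts a record under the current key so a retired key can eventually be destroyed.
func (r *Keyring) Rewrap(recordID string, rec *Record) (*Record, error) {
	pt, err := r.Decrypt(recordID, rec)
	if err != nil {
		return nil, err
	}
	return r.Encrypt(recordID, pt)
}

func main() {
	ring := NewKeyring()
	_ = ring.Rotate("key-v1")
	rec, _ := ring.Encrypt("conn-42", []byte("postgres://app:s3cret@db.example/prod")) // constructed sample
	_ = ring.Rotate("key-v2") // new records use key-v2; rec still opens under key-v1
	pt, err := ring.Decrypt("conn-42", rec)
	fmt.Printf("encrypted with %s; decrypted %q; err=%v\n", rec.KeyID, pt, err)
	rec2, _ := ring.Rewrap("conn-42", rec)
	fmt.Println("after rewrap:", rec2.KeyID)
}
```

Storing the key id with each record is what makes rotation operational: new records are written under the current key, older records still decrypt under the key they were written with, and Rewrap lets a background job move them forward until the retired key has no dependents and can be destroyed. Binding the record id as associated data means an encrypted blob copied from one record to another fails authentication instead of decrypting, and any bit flip in the stored ciphertext is rejected rather than yielding a corrupted credential.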

b. Data Encryption in Queries

  • Query Results: The results of SQL queries run through Sequel are also encrypted both in transit and at rest. This ensures that your sensitive data is protected throughout its lifecycle on our platform.

  • End-to-End Encryption: We plan to implement end-to-end encryption for queries and results in the near future, further enhancing the security of your data.

3. Access Controls

We enforce strict access controls to ensure that only authorized personnel have access to sensitive information:

  • Role-Based Access Control (RBAC): Access to different parts of the system is restricted based on the roles assigned to users. For example, only authorized administrators have access to encryption keys and database credential storage.

  • Multi-Factor Authentication (MFA): We require MFA for all administrative accounts and highly recommend its use for all user accounts to provide an additional layer of security.

  • Least Privilege Principle: Employees are granted the minimum level of access necessary to perform their job functions, reducing the risk of internal threats.

4. Monitoring and Auditing

We continuously monitor and audit our systems to detect and respond to potential security threats:

  • Real-Time Monitoring: Our security team uses advanced monitoring tools to track access and usage patterns in real time, enabling the quick detection of suspicious activities.

  • Regular Audits: We conduct regular security audits, both internally and with third-party experts, to ensure that our systems are secure and comply with industry standards.

  • Logging and Alerting: All access to sensitive information, including database credentials, is logged and monitored. Alerts are triggered for any unauthorized or unusual access attempts.

5. Incident Response

In the event of a security incident, Sequel has a comprehensive incident response plan to quickly mitigate any potential damage:

  • Incident Detection: Our monitoring systems are designed to detect and alert the security team to any potential breaches or vulnerabilities.

  • Response Team: We have a dedicated incident response team that is trained to handle security incidents promptly and effectively.

  • Containment and Recovery: In the event of a breach, we immediately work to contain the threat and restore any affected systems. Users will be notified of any incidents that impact their data.

  • Post-Incident Review: After any incident, we conduct a thorough review to understand what happened, how it was handled, and what can be improved to prevent future occurrences.

6. Compliance

Sequel complies with industry standards and regulations to ensure the protection of your data:

  • GDPR Compliance: For our users in the European Union, we comply with the General Data Protection Regulation (GDPR), ensuring that your data is handled according to strict privacy and security standards.

  • HIPAA Compliance: For users in the healthcare sector, Sequel is designed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA), ensuring the secure handling of protected health information (PHI).

  • Periodic Reviews: We regularly review our compliance with applicable laws and industry standards to ensure ongoing adherence to best practices.

7. User Responsibilities

While Sequel takes extensive measures to protect your data, security is a shared responsibility. We recommend that users:

  • Use Strong Passwords: Choose strong, unique passwords for your Sequel account and change them regularly.

  • Enable MFA: Enable multi-factor authentication on your account for added security.

  • Be Vigilant: Regularly monitor your account for any suspicious activity and report it to us immediately.

8. Contact Us

If you have any questions about our security practices or believe that your account has been compromised, please contact our security team at:

Email: support@sequel.sh

By using Sequel, you acknowledge that you have read and understood our security practices and agree to the measures we have in place to protect your data.