Security

Database as a service

21RISK uses Postgres as the underlying database for our application code. We don't host Postgres in-house, but use the Database-as-a-Service (DBaaS) Planetscale. When developing locally, we use a local Postgres instance. When investigating issues in production, we either:

  • Investigate the issue in our stage environment
  • Restore production data to the stage cluster

We use a dedicated instance in Planetscale.

Note

Our production cluster is located in AWS (eu-central-1). Multi-region backups are distributed to Cloudflare.

Backup restore procedures

To restore a production backup, we follow this procedure:

  1. Navigate to the backups page in Planetscale
  2. Go to the Backup list, and choose the restore to new branch
  3. After a good cup of coffee, the backup is restored.

Note

We have a video that demonstrates the backup restore procedure. Reach out to support@21risk.com if you would like this evidence.

To monitor the database for anomalies, we utilize Planetscale metrics and alerts.

Planetscale Encryption

TLS (Transport Encryption)

TLS is configured with SSL required; read more here.

Encryption at rest

All our data in Planetscale is encrypted at rest, as this is the default at Planetscale; read more here.

Authorization and Roles

Access to our production environment in Planetscale is restricted: the dev/stage/review-apps environments are configured with limited access, enforcing the principle of least privilege.