Database security

Hi,

Can you point me at some information about managed Postgres operational security? Render has all of the information necessary to access the data in the database. What technical protections and/or policies are in place to prevent access by Render staff?

It’s not that we don’t trust Render staff. :slight_smile: It’s “just” a matter of due diligence.

I found this topic, but it was only tangentially related.

Thanks in advance,

– T.J. Crowder

Same question regarding API keys, etc.

(For lurkers, Render has reached out privately twice so far to say that while they don’t have a reply yet, they are working on one.)

1 Like

Hi @tjcrowder,

You can refer to our Terms of Service, Section 7 (Security) and our Privacy Policy, Section 6.3 (Keeping your information safe) for Render’s policies on security and securing user data.

Render does not access user data, which is usually logs and configuration, unless given explicit approval by the user when they reach out for help debugging issues. Our support team will suggest alternative methods for resolution before requesting such permission. Additionally, we have authentication controls for access. Render customers can also install tools with auditing and alerting functions to monitor access to user data.

@J_Buckley For api keys, they are encrypted in our db, so we cannot see them.

1 Like

Hi @jennifer,

Thanks for that. Those sections seem to be mostly about account information, not the managed databases Render provides.

For instance, suppose employee X wanted to look at the data in our PostgreSQL database. What procedural and technical protections would they have to defeat or circumvent to do that?

Can you point me at anything that could be used for those purposes with your PostgreSQL managed databases?

Thanks,

– T.J.