Skip to main content
Security Questions & Answers
Updated over a year ago

We understand how important it is to protect sensitive data. We answer the most common questions about security on this page.

We do not ever store your Airtable records data. Your Airtable records data are processed on our servers (like other cloud service providers), but they are never stored. You can find more information about how we handle Airtable data here:
​https://miniextensions.com/privacy/#airtable-data

Is data encrypted in Transit with TLS 1.2 or greater?

Yes.

Is data encrypted at rest (storage)?

Yes, with 256-bit Advanced Encryption Standard.

Do you utilize full-disk encryption (AES-256 or greater) solution for all employee computers?

Yes.

What security certifications does your company have?

We do not have any security certifications, but we are GDPR compliant and follow best practices for security.

Would all data be removed from your server if requested?

Yes.

In case of any security incidents impacting client data, would I be notified with 24 hours?
Yes.
​
​Will my data be shared with another entity, software, or 3rd party?
No.
​
​Which Cloud Provider will you be using to process or store data?

Google Cloud.
​
​Where are the physical locations where the data will be stored?

North America.
​
​Do you support Single Sign-On (SSO) or user access management?

We offer an option to sign in with Google.

Will miniExtensions need to access to organization's network?
No. We only need access to your Airtable base.

Does your product require a software agent running on my organization's hosts?
No.

Does your product need any connection to my organization's network whatsoever?
No.

Do you use a "least access" model with users getting access to only what they need?
Yes.


​Are only dedicated and uniquely named accounts used, including admin accounts (i.e., group, shared, or generic accounts are not used)?
Yes.
​
​Do you have logical access controls for access to systems and databases?
Yes.
​
​Is access to data logged and reviewed internally?
Yes.
​
​For your internal systems, is there a process to periodically evaluate whether access is still needed?
Yes.
​
​For your internal systems, when access is no longer needed is it removed within a reasonable time frame?
Yes.
​
​Do you have a formal change management process ensuring that changes are tested and approved?
Yes.
​
​Do you require 2-factor authentication (2FA) for remote access into your internal network?
Yes.
​
​Do you have a vulnerability and patch management program?
Yes.

Do you have protections against brute force login attempts?
Yes.

Do you have protection against DDoS attacks?
Yes.

Is technical maintenance only executed from secured maintenance workstations with encrypted hard drives?

Yes.


​When accessed from a public network location, is the maintenance environment only accessible with a strong (multi-factor) authentication?

Yes.


​Is there a backup and restore plan for when things go wrong during maintenance?
Yes.


​Is there a description of the information system, operating procedures, and configuration?
Yes.


​In the production systems, there are no development tools, test tools, or source code?

Yes.


​Are maintenance employees vetted before hiring by checking references?

Yes.


​Have employees with access to our data signed a statement enforcing the confidentiality of our data? And does this statement describe the sanctions that apply if the confidentiality obligation is not complied with?

Yes.

Does the user of the solution have the ability to upload or store information with the miniExtensions?
Yes, but we don't store your data. We only pass it to Airtable.
​
​Does the software automatically push information to the vendor or any third party (e.g. data regarding usage)?
Yes, we push the data to Airtable.
​
​Does the licensor or any third party have the ability to remotely access the software and information stored or processed by the software?
No.
​
​According to the required Export Control Form, did the vendor confirm; (A) it is an organization or incorporated under the laws of the US, (B) it has a system in place to block all access by Foreign Persons to export controlled information?
Yes.

I have other security questions that have not been covered. We need your company to complete a security evaluation.

Please find the answer on this page.

Please visit this page for more information about our Privacy Policy.

Did this answer your question?