We understand how important it is to protect sensitive data. We answer the most common questions about security on this page.
We do not ever store your Airtable records data. Your Airtable records data are processed on our servers (like other cloud service providers), but they are never stored. You can find more information about how we handle Airtable data here:
βο»Ώhttps://miniextensions.com/privacy/#airtable-data
Is data encrypted in Transit with TLS 1.2 or greater?
Yes.
Is data encrypted at rest (storage)?
Yes, with 256-bit Advanced Encryption Standard.
Do you utilize full-disk encryption (AES-256 or greater) solution for all employee computers?
Yes.
What security certifications does your company have?
We do not have any security certifications, but we are GDPR compliant and follow best practices for security.
Would all data be removed from your server if requested?
Yes.
In case of any security incidents impacting client data, would I be notified with 24 hours?
Yes.
β
βWill my data be shared with another entity, software, or 3rd party?
No.
β
βWhich Cloud Provider will you be using to process or store data?
Google Cloud.
β
βWhere are the physical locations where the data will be stored?
North America.
β
βDo you support Single Sign-On (SSO) or user access management?
We offer an option to sign in with Google.
Will miniExtensions need to access to organization's network?
No. We only need access to your Airtable base.
Does your product require a software agent running on my organization's hosts?
No.
Does your product need any connection to my organization's network whatsoever?
No.
Do you use a "least access" model with users getting access to only what they need?
Yes.
βAre only dedicated and uniquely named accounts used, including admin accounts (i.e., group, shared, or generic accounts are not used)?
Yes.
β
βDo you have logical access controls for access to systems and databases?
Yes.
β
βIs access to data logged and reviewed internally?
Yes.
β
βFor your internal systems, is there a process to periodically evaluate whether access is still needed?
Yes.
β
βFor your internal systems, when access is no longer needed is it removed within a reasonable time frame?
Yes.
β
βDo you have a formal change management process ensuring that changes are tested and approved?
Yes.
β
βDo you require 2-factor authentication (2FA) for remote access into your internal network?
Yes.
β
βDo you have a vulnerability and patch management program?
Yes.
Do you have protections against brute force login attempts?
Yes.
Do you have protection against DDoS attacks?
Yes.
Is technical maintenance only executed from secured maintenance workstations with encrypted hard drives?
Yes.
βWhen accessed from a public network location, is the maintenance environment only accessible with a strong (multi-factor) authentication?
Yes.
βIs there a backup and restore plan for when things go wrong during maintenance?
Yes.
βIs there a description of the information system, operating procedures, and configuration?
Yes.
βIn the production systems, there are no development tools, test tools, or source code?
Yes.
βAre maintenance employees vetted before hiring by checking references?
Yes.
βHave employees with access to our data signed a statement enforcing the confidentiality of our data? And does this statement describe the sanctions that apply if the confidentiality obligation is not complied with?
Yes.
Does the user of the solution have the ability to upload or store information with the miniExtensions?
Yes, but we don't store your data. We only pass it to Airtable.
β
βDoes the software automatically push information to the vendor or any third party (e.g. data regarding usage)?
Yes, we push the data to Airtable.
β
βDoes the licensor or any third party have the ability to remotely access the software and information stored or processed by the software?
No.
β
βAccording to the required Export Control Form, did the vendor confirm; (A) it is an organization or incorporated under the laws of the US, (B) it has a system in place to block all access by Foreign Persons to export controlled information?
Yes.
I have other security questions that have not been covered. We need your company to complete a security evaluation.
Please find the answer on this page.
Please visit this page for more information about our Privacy Policy.