Skip to main content
Basedash takes security and data privacy seriously. We’ve implemented comprehensive security measures to protect your data throughout every step of the process, with additional controls available for enterprise and self-hosted deployments.

Compliance and certifications

Basedash is SOC 2 Type II compliant, demonstrating our commitment to maintaining the highest standards of security, availability, and confidentiality. This independent audit validates our security controls and processes. You can request our latest SOC 2 report by emailing us at support@basedash.com. All Basedash servers are located in San Francisco, California, ensuring your data remains within secure, well-regulated infrastructure. For customers using non-SQL data sources, the dedicated data warehouses we provision are also hosted in the same San Francisco location.

Self-hosting for enhanced security

For organizations with additional security requirements, we offer self-hosting as an option. Self-hosting allows you to deploy Basedash on your own infrastructure, giving you complete control over data location, network security, and compliance standards. Self-hosting is the recommended deployment path for organizations with HIPAA, GDPR, PCI-DSS, air-gapped, or strict data residency requirements that cannot be met by the managed cloud product alone. When you self-host, you control the infrastructure, network boundary, retention policies, subprocessors, and operational controls required for your own compliance program. See our self-hosting documentation for detailed information about compliance standards and implementation requirements. We work with third-party security researchers to conduct regular penetration testing, ensuring our security measures remain robust against evolving threats.

Connecting your data

Basedash offers two primary methods for connecting your data, each designed with security as a top priority. For SQL databases, Basedash connects directly to your database and can use read-only credentials when you only want analysis and dashboards. Teams that want editing workflows can enable them with database credentials that have the appropriate write permissions. For databases within private networks, Basedash supports SSH connections for direct database access. This allows you to securely connect to databases that aren’t directly accessible from the internet by routing the connection through an SSH tunnel. To set this up, whitelist the Basedash IP address: 24.199.77.73. For non-SQL data sources, we use Fivetran as a syncing mechanism to replicate your data into a secure data warehouse. This gives you a warehouse containing a copy of your data that you control—you can connect other tools to it or manage the data outside of Basedash as needed.

Access controls and user management

Basedash provides comprehensive access controls to ensure the right people have access to the right data. On our Enterprise plan, we support SSO using SAML 2.0 and OIDC, plus SCIM provisioning for keeping users and groups in sync with your identity provider. Within your organization, you can create groups and assign fine-grained access permissions to individual dashboards. For example, you could create a dashboard that only your support team can access, while maintaining separate dashboards exclusively for your engineering team. You can also restrict which data sources each group or member can query using data source access control. This granular permission system ensures sensitive business data is only visible to the appropriate stakeholders. Enterprise teams can also deploy Basedash in a private VPC or fully self-hosted environment when network isolation, custom retention, bring-your-own AI keys, or regional data handling requirements are part of the security review.

Audit logging and monitoring

Basedash provides native audit logs for access, queries, and configuration changes. These logs help security teams understand who accessed data, which queries were run, and how important settings changed over time.

AI data usage and privacy

To enable AI-powered chart creation and data analysis, Basedash sends metadata about your data sources and results from SQL queries to AI providers. This includes information like table and column names, as well as query results, which allows the AI to understand your data structure and build meaningful visualizations. Importantly, your data is not used for training purposes by either Basedash or AI model providers. The data sent to AI providers is used solely to generate charts, answer questions, and provide insights about your specific datasets, ensuring your business information remains private and is not incorporated into broader AI training datasets.

Data encryption

Security is maintained at every layer through comprehensive encryption. All connections to Basedash require HTTPS, and data in transit is encrypted using TLS protocols. Database credentials and SSH keys that you provide are encrypted using AES-256 encryption before being stored, ensuring that even if someone gained access to our systems, your credentials would remain protected.

Data retention and deletion

Basedash may cache certain data to improve performance. If your organization has specific data retention requirements, contact us at support@basedash.com and we’ll help you evaluate the right configuration. For data deletion, users can delete their account and associated data directly through the Basedash application. Alternatively, you can contact our support team at support@basedash.com to request data deletion on your behalf. We ensure complete removal of your data from our systems upon request.