Security

Uncompromising trust.

We value your data sovereignty. Built on an architecture you can easily self-host, we ensure your intellectual property stays entirely yours.
  • Encryption: AES-256
  • TLS: 1.3
  • Hosting: Self-host
  • GDPR Ready: GDPR · SOC 2

Our philosophy

Your data never leaves your control.

Security is not a layer we bolted on — it is the ground every query, connection, and user walks over. Polybase is built on strong cryptography, granular access rules, and a full self-host option so the most sensitive teams can trust it. Run our cloud or your own infrastructure — control stays with you.

The Pledge
  • TLS 1.3 encrypted communication in transit
  • Self-host: full control on your own infrastructure
  • Designed around GDPR principles
Security pillars

Every layer designed for defence.

Six core principles — every user and every bit flows through them.

01

Encryption

TLS 1.3 encrypted communication in transit. For sensitive at-rest data we recommend disk-level encryption (LUKS / cloud KMS).

TLS 1.3
02

Self-host option

Run Polybase on your own cloud or on-prem. A single Go binary, zero vendor lock-in.

Docker
03

Granular access

Every collection and field is protected by API rules that evaluate user roles and team memberships.

Row-level rules
04

Portable backups

Your entire workspace and its data can be backed up from a single file and moved to any region.

SQLite-based
05

Message audit trails

Message edits are recorded server-side as an immutable history. A general audit log panel is on the roadmap.

Message history · General audit (Soon)
06

Data sovereignty

With self-host you decide where your data lives. Compliance with local data residency laws stays fully in your hands.

Self-host
Architecture

Layered defence in depth.

Every request passes four checkpoints: edge, identity, application, and data. A failure in one component never exposes the entire system — the layers reinforce each other.

To make this auditable, the full rule engine is exposed — your auditors can inspect the policies directly inside Polybase.

  1. Edge

    Reverse proxy and rate-limiting filter every request. WAF integration is on the roadmap.

  2. Identity

    Standard email/password and API token authentication. Enterprise SSO/SAML/SCIM/2FA on the roadmap, on request.

  3. Application

    Role- and team-based API rules are evaluated on every read.

  4. Data

    Row-level policy on PocketBase; regular backups; optional disk-level encryption.

Every layer auditable
Compliance

Privacy by design.

We focus on principles over certifications: data minimization, explicit access rules, and full data control via self-host.

By design
GDPR
Ready

Designed around EU data protection principles; full data control with self-host.

Active
Self-host
Docker

Run on your own infrastructure with a single command; your data stays on your servers.

Active
Open Access Rules
API Rules

PocketBase API rules are open and auditable; your team can inspect policies directly.

Roadmap
SOC 2 / ISO 27001
Roadmap

Formal audit certifications are on the roadmap. We answer architecture questions on request.

Architecture

Full control with self-host

Your data, on your servers

  • Single Binary: Compiled in Go
  • Docker: One-command deploy
  • TLS 1.3: Modern encryption

Talk to our trust team

We take your questions seriously.

We answer your questions about architecture, deployment and security. You can request a tailored review for your team.