PrimeBase

PrimeBase Data Security

Last updated: January 11, 2026

At PrimeBase, security isn't an afterthought — it's built into every layer of our platform. Here's how we protect your data and ensure your business operations remain secure and compliant.

1. End-to-End Encryption

  • Data in Transit: All traffic between your browser/app and our servers is encrypted using TLS 1.2+.
  • Data at Rest: Sensitive data is encrypted using AES-256 encryption.
  • Bank Account & PII Fields: Fields like bank details, phone numbers, and emails are selectively encrypted at the column level within our database.

2. Role-Based Access Control (RBAC)

Every tenant has fine-grained control over user access:

  • Custom Roles & Permissions (e.g., `PROJECT.CREATE`, `CUSTOMER.DELETE`)
  • Multi-role support for users across teams
  • Access rules based on roles, ownership, or tags
  • Built-in auditability and change history for actions and data edits

3. Full Audit Logs

  • All key user and system actions are recorded in structured audit trails
  • Includes timestamps, actor/user ID, and affected records
  • Helps with internal accountability and external compliance (e.g., GDPR, SOC 2)

4. GDPR-Ready by Design

PrimeBase is built with privacy by default, ensuring compliance with the General Data Protection Regulation (GDPR) and similar laws:

  • Data exports and deletion available on request
  • Consent management tools (for future customer-facing use)
  • Data minimization and secure processing
  • Region-specific compliance support (EU, India, US)

5. Data Residency

Where is your data stored?

During the beta phase, all customer data is hosted in the United States on secure infrastructure provided by Google Cloud Platform (GCP).

We are actively working to support regional data residency options in the future, including:

  • European Union (EU) region
  • India region

As we expand, organizations will be able to choose their preferred data region — ensuring local compliance, performance, and trust.

6. Infrastructure & Hosting

  • Hosted on Google Cloud Platform (GCP) with secure VM and storage policies
  • Regular backups, versioning, and storage lifecycle rules in place
  • Edge functions deployed across regions with geo-based routing for reliability and low latency

7. Backups & Disaster Recovery

  • Daily encrypted backups
  • Regular integrity checks
  • Clear restoration procedures in the unlikely event of data loss

8. Team Access and Controls

  • Internal access to user data is strictly limited to authorized personnel
  • Access is role-restricted, logged, and reviewed
  • All team members undergo regular training in data handling and security practices

9. Responsible Disclosure

We welcome security reports and responsible disclosures. If you discover a vulnerability or issue, please contact us at:

support@primebase.io

Your Data. Your Control.

We believe in transparency, trust, and technical excellence. You own your data — we just help you manage it securely.

If you have any questions or concerns, don't hesitate to reach out to us at support@primebase.io.

← Back to PrimeBase