Appsmith
GithubDiscordAppsmith CloudCommunity Forum
Search…
v1.3
Introduction
Setup Appsmith
Tutorials
How To Guides
Debugging Errors
FAQs
Telemetry
Security
Core Concepts
Connecting to Data Sources
Displaying Data (Read)
Capturing Data (Write)
Writing Code
Designing an Application
Building Dynamic UI
Access Control
Datasource Reference
Amazon / Generic S3
ArangoDB
DynamoDB
Elasticsearch
Firestore
Google Sheets
MongoDB
MS SQL
MySQL
PostgreSQL
Redis
Redshift
Snowflake
SMTP
Framework Reference
Cheat Sheet
appsmith
Query
Show Modal
Close Modal
Download
Show Alert
Navigate To
Store Value
Copy To Clipboard
Reset Widget
JavaScript Editor (Beta)
Widget Reference
Audio
Audio Recorder
Button
Button Group
Camera
Chart
Checkbox
Checkbox Group
Container
Datepicker
Divider
Document Viewer
Form
Filepicker
Icon Button
Iframe
Image
Input
List
Maps
Map Chart
Menu Button
Modal
Multi-select
Multi-tree-select
Progress Bar
Radio Group
Rating
Rich Text Editor
Select
Stat Box
Switch
Switch Group
Tabs
Table
Text
Tree-select
Video
Powered By GitBook
Security

Does Appsmith store my data?

No, Appsmith does not store any data returned from your API endpoints or DB queries. Appsmith only acts as a proxy layer. When you query your database/API endpoint, the Appsmith server only appends sensitive credentials before forwarding the request to your backend. The Appsmith server doesn't expose sensitive credentials to the browser because that can lead to security breaches. Such a routing ensures security of your systems and data.

Security measures within Appsmith

Appsmith applications are secure-by-default. The security measures implemented for Appsmith installations are:
  • On Appsmith Cloud, all connections are encrypted with TLS. For self-hosted instances, we offer the capability to setup SSL certificates via LetsEncrypt during the installation process.
  • Encrypt all sensitive credentials such as database credentials with AES-256 encryption. Each self-hosted Appsmith instance is configured with unique salt and password values ensuring data-at-rest security.
  • Appsmith Cloud will only connect to your databases/API endpoints through whitelisted IPs: 18.223.74.85 & 3.131.104.27. This ensures that you only have to expose database access to specific IPs when using our cloud offering.
  • Appsmith Cloud is hosted in AWS data centers on servers that are SOC 1 and SOC 2 compliant. We also maintain data redundancy on our cloud instances via regular backups.
  • Internal access to Appsmith Cloud is controlled through 2-factor authentication system along with audit logs
    (audit logs here is in reference to Appsmith cloud hosted instance only and should not be confused with audit logs
    feature) .
  • Maintain an open channel of communication with security researchers to allow them to report security vulnerabilities responsibly. If you notice a security vulnerability, please email [email protected] and we'll resolve them ASAP.
Previous
Telemetry
Next - Core Concepts
Connecting to Data Sources
Last modified 2mo ago
Copy link
Edit on GitHub
Contents
Does Appsmith store my data?
Security measures within Appsmith