Skip to main content

Security at FreshGuard

Your data security is our top priority. We employ industry-leading practices to protect your information at every level.

Our Security Commitment

Encryption Everywhere

  • • TLS 1.2+ for all data in transit
  • • AES-256 encryption for data at rest
  • • Envelope encryption for sensitive credentials
  • • Certificate pinning for API connections

Access Controls

  • • Role-based access control (RBAC)
  • • Multi-factor authentication (MFA)
  • • SSO via GitHub, Google, Microsoft
  • • Principle of least privilege

Secure Infrastructure

  • • Cloudflare edge network with DDoS protection
  • • Isolated database per workspace
  • • Network segmentation and firewalls
  • • Regular security patching

Monitoring & Detection

  • • 24/7 security monitoring
  • • Comprehensive audit logging
  • • Anomaly detection
  • • Incident alerting and response

Multi-Tenant Data Isolation

FreshGuard is built from the ground up with multi-tenant security in mind. Your data is isolated from other customers at every layer:

1

Application Layer

Every API request is validated against your workspace ID. You can only access data belonging to your organization.

2

Database Layer

Row-level security (RLS) ensures database queries are automatically filtered to your workspace, preventing accidental data leakage.

3

Credential Storage

Database credentials for your data sources are encrypted with keys unique to your workspace.

4

Audit Trail

All access to your data is logged and auditable, giving you visibility into who accessed what and when.

How We Handle Your Data

What FreshGuard Accesses

FreshGuard connects to your data sources to monitor data freshness, but we're designed to minimize data exposure:

  • Metadata only: Table names, column names, row counts, timestamps
  • No record contents: We don't read or store the actual data in your tables
  • Read-only access: We never write to your data sources
  • Minimal permissions: We only request the permissions needed for monitoring

Data Retention

Data Type Retention
Check execution results 30-365 days (by plan)
Alert history 30-365 days (by plan)
Audit logs 90 days - 1 year (by plan)
Account data Duration of account + 30 days

Responsible Disclosure

We appreciate security researchers who help us keep FreshGuard secure. If you discover a potential security vulnerability, please report it responsibly.

Report security issues to:

security@freshguard.dev

Please include a detailed description of the vulnerability, steps to reproduce, and your contact information. We commit to responding within 48 hours and will keep you informed of our remediation progress.

Questions about security?

We're happy to discuss our security practices in more detail. For enterprise customers, we can provide additional security documentation and assessments.

Contact Us View DPA

Last updated: 2026-01-30