Security
Practical security for production systems.
Snaapi is built with security-conscious defaults across authentication, access control, encryption, logging, and monitoring. We are focused on building a trustworthy platform and being clear about what is in place today.
Platform
Security controls.
- Authentication
- Snaapi Cloud supports email and password, passkeys, and single sign-on with GitHub and Apple.
- Access control
- Each API is deployed as a standalone system. RBAC is built into console.snaapi.dev so organizations can manage members and access levels.
- Encryption
- Databases are encrypted at rest. Traffic to Snaapi Cloud is encrypted in transit.
- Logging and monitoring
- Snaapi uses application logs and tracing through Deno Deploy, audit logs in the platform, OpenTelemetry-based monitoring, and Sentry for error alerting.
- Code and dependency hygiene
- We use dependency scanning, secret scanning, and GitHub pull-request-based code review as part of our development workflow.
- Infrastructure
- Snaapi Cloud is hosted on Deno Deploy v2. Databases for customer APIs are hosted on Neon Postgres. We are currently focused on our managed cloud offering. Self-hosting is not available today, but it is planned for the future.
Customer data
How customer data is handled.
- Customer control
- Customers have full control over the data stored in their APIs and can edit or delete data as needed.
- Data export
- We can export customer API data when needed for support or debugging, but staff access the data only with customer permission.
- Data deletion
- When customer data is deleted, it is removed from the database and is not recoverable by staff.
- Retention
- We retain logs as part of operating and monitoring the platform.
- Backups and recovery
- We run backups for the internal systems that support Snaapi Cloud. Automated backups for customer APIs are currently in development and are not yet available as a platform feature.
Working with us
Reviews, requests, and disclosure.
Security reviews and requests
If your team has specific security, procurement, or review requirements, contact us and we will discuss current capabilities and fit.
Responsible disclosure
If you believe you have found a security issue, please email us at [email protected]. Include enough detail for us to understand the issue and reproduce it. We appreciate responsible disclosure and will review reports as quickly as possible.
Ongoing effort
Security is an ongoing effort.
We are continuing to improve Snaapi's security posture as the platform grows. That includes expanding customer backup capabilities, maturing operational processes, and strengthening platform safeguards over time.