Security Overview
NetPad implements enterprise-grade security features to protect your data and applications.
Security Features
Authentication Security
- Magic Links: Time-limited, single-use tokens
- Passkeys: WebAuthn/FIDO2 biometric authentication
- OAuth: Secure OAuth 2.0 flows
- Session Management: Encrypted, secure sessions
Data Security
- Connection Vault: AES-256-GCM encryption
- Field-Level Encryption: MongoDB Queryable Encryption
- HTTPS Only: All connections encrypted
- Secure Cookies: HTTP-only, secure flags
Access Control
- Role-Based Access: Granular permissions
- Form Access Control: Public, authenticated, restricted
- Organization Isolation: Multi-tenant security
Bot Protection
- Turnstile CAPTCHA: Cloudflare integration
- Rate Limiting: Prevent abuse
- Configurable: Enable per form
Audit Logging
- Platform Audit: System-wide events
- Organization Audit: Org-specific events
- Form Audit: Form access tracking
- Workflow Audit: Execution logging
Security Best Practices
- Use Strong Authentication: Prefer passkeys or OAuth
- Enable MFA: Add extra security layer
- Encrypt Sensitive Data: Use field-level encryption
- Regular Updates: Keep system updated
- Monitor Access: Review audit logs regularly
Compliance
NetPad supports:
- GDPR: Data protection compliance
- CCPA: California privacy compliance
- SOC 2: Security controls (if certified)
Next Steps
- Encryption - Learn about encryption
- Access Control - Understand access control
- Best Practices - Security best practices