Tightknit Data Security & Privacy
At Tightknit, we take data security and privacy seriously. We implement industry-standard encryption, retention policies, and access controls to ensure customer data remains secure at all times.
Data Encryption
Tightknit follows best practices for encrypting data at rest and in transit, ensuring sensitive information is protected against unauthorized access.
Encryption at Rest
- All stored data, including backups, is encrypted using AES-256 encryption, the industry standard for secure data storage. See Supabase security.
Encryption in Transit
- Data transmitted between clients and our servers is encrypted using TLS 1.3 to protect against interception.
- SSL certificates are managed through Cloudflare and Vercel.
Data Retention & Deletion
Tightknit provides flexible data retention policies to ensure customers maintain control over their information.
Deleting Data
Users with the appropriate permissions can delete content within Tightknit.
Deleting Workspaces
Workspace owners can delete their entire workspace, including all associated data. Full deletion, including backups, is completed within 30 days.
Subscription Cancellation
Customers have 30 days to export their data after subscription cancellation. After this period, Tightknit is not obligated to retain customer data and may delete all related records.
Subprocessors
To ensure seamless service delivery, Tightknit engages select subprocessors for specific functionalities. A complete list of subprocessors is available in our [Trust Center], where users can sign up for updates regarding any changes.
Data Breach Disclosure
Data breaches are an unfortunate reality that can threaten organizations.
As a result, Tightknit is committed to taking all commercially reasonable measures to secure your customer data. This is why we are overwhelmingly transparent about our security practices: to give you confidence in our infrastructure, processes, tooling, and policies to safeguard your data.
Tightknit has not had an identified data breach since commencing operations. In the unlikely event of a data breach, Tightknit is prepared to take steps to limit the effects of any data breach and to assist any customers potentially affected by a data breach with meeting their obligations under law.
Data breach definition
Tightknit defines a data breach as any accidental or unlawful destruction, loss, alteration or unauthorized disclosure of access to customer data.
Notification Process
Tightknit will notify customers without undue delay after becoming aware of a data breach. Customers will be contacted by email, Slack (when available), and phone (when provided), followed by multiple periodic updates throughout each day addressing progress and impact.
Compliance with Global Privacy Laws
- As a global company, Tightknit complies with relevant privacy laws, including GDPR and CCPA.
- Customers will be informed if a breach impacts compliance obligations.
Logical Separation & Multi-Tenancy
Tightknit utilizes a multi-tenant architecture where all customers share the same computing resources. Logical separation of data between customers and correct access is enforced through PostgreSQL Row Level Security (RLS). Transaction-scoped configuration variables are leveraged in RLS policies to ensure the correct access permissions.
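The pattern described above, sketched as an added example (not Tightknit's schema or code): a tenant-isolation policy that reads a transaction-local setting. The table `posts`, the role `app_user`, the setting name `app.tenant_id` and the UUIDs are all constructed for illustration.

```sql
-- Hypothetical multi-tenant table; every row carries its owning tenant.
CREATE TABLE posts (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    body      text NOT NULL
);

-- ENABLE turns policies on; FORCE applies them to the table owner too.
-- Superusers and roles with BYPASSRLS still skip RLS, so the application
-- must connect as neither.
ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
ALTER TABLE posts FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL if the variable was never set.
-- A pooled session that set it in an earlier transaction can report ''
-- instead, so NULLIF maps both cases to NULL: the comparison is then NULL,
-- no row matches, and an unscoped request fails closed.
CREATE POLICY tenant_isolation ON posts
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Hypothetical unprivileged application role.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON posts TO app_user;
GRANT USAGE ON SEQUENCE posts_id_seq TO app_user;
SET ROLE app_user;

-- One request = one transaction.
BEGIN;
-- Third argument true makes the value transaction-local (like SET LOCAL):
-- it is discarded at COMMIT or ROLLBACK and cannot carry over to the next
-- request served by the same pooled connection.
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO posts (tenant_id, body)
VALUES ('11111111-1111-1111-1111-111111111111', 'hello');
SELECT id, body FROM posts;  -- filtered by the USING clause
-- An INSERT carrying a different tenant_id would be rejected by WITH CHECK.
COMMIT;

-- No tenant is set here, so the policy exposes no rows.
SELECT count(*) FROM posts;
RESET ROLE;
```

The tenant value must come from the server-side authenticated session, never from a client-supplied parameter, since whoever controls the setting controls which rows the policy exposes.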
Software Development Life Cycle (SDLC)
Tightknit maintains documented Software Development Life Cycle (SDLC) policies and procedures to guide developers in implementing and documenting application and infrastructure changes.
Development Environments
All code is deployed and tested in a staging (development) environment that is functionally equivalent to production environments. Tightknit performs testing and quality assurance procedures in this staging environment before releasing to the production environment that is used by customers. No customer data is ever used or accessible from staging or local development environments.
Version control
Tightknit employs Git version control to maintain source code versions and manage the migration of source code through the development process to release. Using decentralized version control allows multiple developers to work simultaneously on features, bug fixes, and new releases; it also allows each developer to work on their own local code branches in a local environment. Git maintains a history of code changes, supports rollback capabilities and tracks changes to individually identifiable developers.
All code is written, tested, and saved in a local repository before being synced to the origin repository. Writing code locally decouples the developer from the production version of the Tightknit code base and insulates Tightknit from accidental code changes that could affect users. Any changes involving the persistence layer (database) are performed locally when developing new code, where errors or bugs can be spotted before the change is deployed to users.
Code review
Code changes are managed and reviewed through Git pull requests. Every pull request is manually reviewed and approved by two developers before it can be merged. Automatic and integrated testing is also performed with each pull request, and all tests must pass before a code change can be merged.
Developers are trained in evaluating code for security defects as part of code review, and automatic testing is employed to test against common security defects.
Security bugs
Security bugs represent key issues and should be resolved quickly to maintain the security, confidentiality, privacy, processing integrity, and availability of the Tightknit service. Tightknit has SLAs in place to enforce compliance with resolving security bugs within reasonable timelines.