basestash

Security

Last updated July 11, 2026

Basestash exists to be the copy of your data that survives when something else fails. That only works if you can trust how we handle it, so this page spells out exactly what we do — in specifics, not adjectives.

Your Airtable tokens

The personal access token you provide is encrypted with AES-256-GCM before it is stored, using a dedicated encryption key that lives only in the server environment — never in the database alongside the ciphertext. Tokens are decrypted only at the moment a backup or a restore you requested runs. They are never displayed back to anyone, including you, and never written to logs. We recommend scoping your token to read access plus the specific bases you want backed up; write scope is only needed if you want one-click restore.

Tenant isolation

Every database query and every storage path is scoped to your account. Data is stored under per-tenant prefixes, and the application enforces the tenant boundary on every read and write — there is no code path that lists or touches data across accounts. This isolation is covered by automated tests that run on every change.

Immutable snapshots

Once a snapshot completes, it is never modified. Restores and exports read from snapshots; nothing rewrites them. Retention deletes whole snapshots only after your plan’s retention window has fully expired — pausing, downgrading, or canceling never triggers early deletion.

Encryption in transit

All traffic — between your browser and Basestash, and between Basestash and the Airtable API — is encrypted with TLS. Internal object storage is fronted by the same TLS termination as the app itself.

Our own disaster recovery

A backup service that can lose its backups is worthless, so Basestash’s own infrastructure is backed up offsite, to a separate provider in a separate failure domain: the database is dumped and shipped offsite daily, customer snapshot objects are mirrored hourly, and configuration secrets are backed up encrypted (AES-256) with a key held out-of-band. The offsite mirror is append-only — deletions on the primary do not cascade to it.

We also actually test this: restore drills pull a real offsite backup and restore it into a scratch environment, verifying the data matches production. The most recent drill was run on July 11, 2026 and passed with byte-identical results.

Payments and email

Payments are processed by Stripe; card numbers never touch our servers. Transactional email is sent through Resend. Each provider receives only the minimum its role requires — see the privacy policy for the full list of processors.

Rate limiting and hardening

The application enforces per-IP rate limits on sensitive routes, validates webhook signatures, applies a strict Content-Security-Policy with per-request nonces, and rejects cross-origin mutations. Airtable API access is throttled to stay inside Airtable’s published limits so backups never degrade your own API usage.

Reporting

Found a vulnerability, or have a security question we haven’t answered here? Email support@basestash.net — security reports are read first and answered fast. If we become aware of a breach affecting your data, we will notify you without undue delay.