Userbase

Announcements

Follow @UserbaseHQ on Twitter for more frequent updates.

August 20, 2020 - Security Review Complete!

Cossack Labs has completed a security audit of Userbase!

Userbase is a database-like product, purpose-built for web app user data. Unlike regular databases, user data is end-to-end encrypted using an encryption key that is never exposed to the Userbase server. Users own their own databases which are partitioned from databases of other users on the server-side, and can share their databases with other users, without exposing private keys to the server. Userbase is accessible through a very simple JavaScript SDK, directly from the browser.

We picked Cossack Labs because they specialize in cryptographic data security tools (both developer tools and bespoke solutions) for modern applications. Cossack Labs' experts that participated in this audit have decades of hands-on practical experience and formal backgrounds in information security and cryptography.

Cossack Labs found that Userbase prevents an adversary with privileged access to the Userbase server from accessing protected user data under the chosen set of assumptions and constraints. They also provided us with a list of findings and recommendations to strengthen Userbase. We have already implemented a number of their recommendations, and will continue implementing the rest as we work to improve Userbase.

Here is Cossack Labs’ public security audit report.

Here are our supporting documents:

Userbase can be contacted at support@userbase.com or via Twitter @UserbaseHQ. If you believe you've found a security-related issue, please drop us an email at security@userbase.com - bug bounty program may apply.

Cossack Labs can be contacted at cossacklabs.com or info@cossacklabs.com.