First Year in Review

January 21, 2021

We launched Userbase 1 year ago promising the easiest way to create secure and private web apps — and it's gotten way easier!

Along with a number of optimizations and bug fixes to maximize Userbase’s performance and safeguard reliability.

We also added a free Starter tier with the following limits:

  • 1 web app.
  • 100 users.
  • 100 MB storage.
  • Limited support.

We listened, heard, and worked hard to make sure Userbase has everything you need to build powerful, secure, private apps. And there's plenty more to come!

Security Review Complete

August 20, 2020

Cossack Labs has completed a security audit of Userbase!

Userbase is a database-like product, purpose-built for web app user data. Unlike regular databases, user data is end-to-end encrypted using an encryption key that is never exposed to the Userbase server. Users own their own databases which are partitioned from databases of other users on the server-side, and can share their databases with other users, without exposing private keys to the server. Userbase is accessible through a very simple JavaScript SDK, directly from the browser.

We picked Cossack Labs because they specialize in cryptographic data security tools (both developer tools and bespoke solutions) for modern applications. Cossack Labs' experts that participated in this audit have decades of hands-on practical experience and formal backgrounds in information security and cryptography.

Cossack Labs found that Userbase prevents an adversary with privileged access to the Userbase server from accessing protected user data under the chosen set of assumptions and constraints. They also provided us with a list of findings and recommendations to strengthen Userbase. We have already implemented a number of their recommendations, and will continue implementing the rest as we work to improve Userbase.

Here is Cossack Labs’ public security audit report.

Here are our supporting documents:

Userbase can be contacted at or via Twitter @UserbaseHQ. If you believe you've found a security-related issue, please drop us an email at - bug bounty program may apply.

Cossack Labs can be contacted at or

Follow @UserbaseHQ on Twitter for more frequent updates.