Userbase

Docs : FAQ

What data does Userbase end-to-end encrypt?

All the data stored using the insertItem, updateItem, deleteItem, or putTransaction APIs is end-to-end encrypted. Both the stored item and the item ID are end-to-end encrypted. Other user data and metadata, such as usernames, timestamps, and user activity logs, are encrypted on the wire and at rest, but are not end-to-end encrypted.

Where is the user's encryption key stored?

The user's encryption key gets randomly generated when the user creates an account, and this key gets encrypted itself with another key derived from the user's password. The encrypted key gets stored on the Userbase server, and the user retrieves it back after every successful login. The Userbase server never sees the user's password, and it only receives an scrypt hash of the password that gets computed client-side.

What happens if a user forgets the password?

Resetting a user's password is possible, but only when the user has provided an email address during signUp or updateUser, and when the user has previously signed in with the rememberMe option set to 'local'. In this case, the user will have the encryption key saved in the browser's local storage, and the user will be able to regain access to the account by getting a temporary password via email. The user must still have access to a previously used device in order to be able to reset the password. Therefore, if you want to allow your users to reset their password, make sure to set rememberMe to 'local' during signUp and signIn, and make sure you require an email address during signUp and updateUser. We still recommend that you inform your users that since their data is end-to-end encrypted, they should take care to store their password in a safe place, such as a password manager. Recovery will not be possible if the user loses access to all previously used devices.

What can I see about my users?

You can see the list of usernames, the time the user accounts were created, and any other information you collect during user sign up, such as users' email, name, address, etc.

What can I do with my users?

From the Admin panel you can see all your users, suspend user accounts, and permanently close user accounts.

How can I close my Userbase Admin account?

You can close your Userbase Admin account from the Admin panel. Once you close your Userbase Admin account, all your apps will stop working. If you closed your account in error, please get in touch to check if we can still recover it.

What happens if I exceed the 1 GB storage limit?

At the moment, Userbase is not metering data storage, and nothing will happen if you exceed it. In the future, Userbase will have other pricing plans that allow higher storage volumes. If you happen to be exceeding the limit when these new pricing plans become available, we will ask you to upgrade to the new plans.

Can data be shared across users?

This feature will be available soon. At the moment, users only have access to their own data.

How does Userbase help me with GDPR compliance?

Userbase helps you implement the necessary GDPR controls, avoid personal data misuse, and give your users control over their data. If you need assistance with GDPR compliance, please get in touch.

How durable is the data stored in Userbase?

Userbase only acknowledges data modification requests once the data has been successfully persisted to Amazon DynamoDB. This is a highly-durable service that synchronously replicates data to at least three isolated geographical zones before acknowledging a write operation. Userbase has continuous backups enabled on all its DynamoDB tables with a 35 day recovery window.

What services does Userbase depend on?

Userbase runs entirely on Amazon Web Services, in the us-east-1 region. The availability of the Userbase service depends on Amazon EC2, Amazon S3, and Amazon DynamoDB.