Data Encryption

​

Encryption Overview

​

Encryption in Transit

​

TLS 1.3

• Protocol: TLS 1.3 (latest standard)
• Cipher suites: Modern, secure algorithms only
• Certificate: Issued by trusted certificate authority
• HSTS: Strict transport security enforced

​

API Connections

Your Browser ←→ TLS 1.3 ←→ Adapt
Your Integrations ←→ TLS 1.3 ←→ Adapt
Adapt ←→ TLS 1.3 ←→ Third-party APIs

​

Encryption at Rest

​

Database Encryption

• Algorithm: AES-256
• Key management: Google Cloud KMS
• Scope: All database fields, including backups

​

File Storage

• Algorithm: AES-256
• Service: Google Cloud Storage with default encryption
• Additional: Server-side encryption enabled

​

Backup Encryption

• Database backups: Encrypted with same keys
• Retention: Encrypted throughout lifecycle
• Deletion: Secure, cryptographic erasure

​

Secret Encryption

​

Organization Secrets

Your API Key → AES-256 (org key) → Encrypted Storage

​

Key Hierarchy

1. Master key: Stored in hardware security module (HSM)
2. Organization key: Derived from master key, unique per org
3. Data encryption key: Used to encrypt actual secrets

​

Key Rotation

• Master keys rotated per security policy
• Organization keys can be rotated on request
• Automatic re-encryption during rotation

​

Your Control

​

Data Visibility

• Integration connections in Settings
• Data sources used in each query
• Stored secrets (names only, not values)

​

Data Deletion

• Immediately removed from active systems
• Purged from backups within 30 days
• Cryptographically unrecoverable

​

Revoke Access

1. Go to Settings > Integrations
2. Click the integration
3. Click Disconnect

​

Technical Details

​

Algorithms

​

Infrastructure

• Cloud provider: Google Cloud Platform
• Key management: Google Cloud KMS
• HSM: FIPS 140-2 Level 3 certified
• Region: United States (configurable for enterprise)

​

Questions?

• Email: security@adapt.com
• Documentation: Request our security whitepaper