Security at Latenode.com

At Latenode.com, we are deeply committed to the privacy and security of your information. This document provides an overview of our key practices and policies related to data handling and security. While this is not a comprehensive list, it highlights our main procedures and commitments.

Security reports

Should you discover a potential security vulnerability in Latenode.com, we encourage you to inform us promptly. Please reach out to [email protected] with your findings.

Abuse Reports

If you believe that Latenode.com resources are being used for unlawful activities or in violation of our Terms of Service, please report it to [email protected]. We take such reports seriously and investigate them promptly to maintain the integrity and security of our platform.

Hosting

Latenode.com is hosted on the Amazon Web Services (AWS) platform in the us-east-1 region. Our platform's infrastructure, including the physical hardware and data storage, is located in data centers managed and secured by AWS. For detailed information on AWS's security practices and compliance certifications, please visit this link.

In addition to AWS's own security measures, Latenode.com applies further safeguards to access to its AWS resources. These include multi-factor authentication for all AWS access and running services inside a private network that is not reachable from the public internet, among other controls.

Intrusions

To protect our infrastructure, Latenode.com places it behind the Cloudflare WAF and uses custom alerting to detect and respond to potential threats, including DDoS attacks.

Our team is equipped to respond swiftly to any security incidents, guided by our comprehensive incident response policy.

OAuth keys, API Keys

When you integrate a third-party application with Latenode.com, you might be prompted to authorize a Latenode.com OAuth application for access to your account, or to provide an API key or other credentials. This section outlines how we handle such grants and keys.

Where a third-party application supports OAuth, Latenode.com prefers it. OAuth lets Latenode.com request access to specific resources in your third-party account without ever holding your long-term credentials. Access tokens are short-lived and are refreshed as they expire, and most applications let you revoke Latenode.com's access at any time.

In cases where a third-party application does not offer OAuth, you may need to provide an API key or another form of credential. Where the third-party application supports it, we advise issuing a key scoped to only the resources Latenode.com needs, rather than a full-access key.

Latenode.com securely encrypts all OAuth grants, key-based credentials, and environment variables at rest in our production database. This database is housed in a private network, and its backups are also encrypted. The encryption key, managed by AWS KMS, uses 256-bit AES in GCM mode. Only select team members have access to administer these keys, which are rotated annually.
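The paragraph above describes KMS-managed AES-256-GCM encryption of stored credentials with periodic key rotation. As an added illustration of the envelope-encryption pattern such a setup typically uses (example code written for this page, not Latenode.com's implementation), the Go program below encrypts each secret under its own data key, wraps that data key under a key-encryption key, binds the owning record's ID in as additional authenticated data, and shows how rotating the outer key only requires re-wrapping the small data key. The in-memory KEK stands in for the KMS key, which in a real deployment never leaves KMS; the `credential:` AAD prefix, the record IDs and the struct layout are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Illustrative envelope encryption for stored credentials (example code, not
// Latenode.com's implementation). Each secret is encrypted under its own
// 256-bit data encryption key (DEK); the DEK is wrapped under a key encryption
// key (KEK) that stands in for the AWS KMS key. Both layers are AES-256-GCM,
// and the owning record's ID is bound in as additional authenticated data.
type EncryptedSecret struct {
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-GCM(DEK, secret)
}

// recordAAD derives the AAD from the record ID (assumed "credential:" prefix).
func recordAAD(recordID string) []byte { return []byte("credential:" + recordID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM returns nonce || ciphertext || tag; the AAD is authenticated, not encrypted.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per seal
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM fails, returning no plaintext, if nonce, ciphertext, tag or AAD was altered.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed value too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptSecret: fresh DEK per credential, secret sealed under the DEK, DEK
// wrapped under the KEK. Only the two sealed values are stored; the DEK is dropped.
func EncryptSecret(kek []byte, recordID string, secret []byte) (EncryptedSecret, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return EncryptedSecret{}, err
	}
	aad := recordAAD(recordID)
	ct, err := sealGCM(dek, secret, aad)
	if err != nil {
		return EncryptedSecret{}, err
	}
	wrapped, err := sealGCM(kek, dek, aad)
	if err != nil {
		return EncryptedSecret{}, err
	}
	return EncryptedSecret{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptSecret unwraps the DEK with the KEK, then opens the secret.
func DecryptSecret(kek []byte, recordID string, es EncryptedSecret) ([]byte, error) {
	aad := recordAAD(recordID)
	dek, err := openGCM(kek, es.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return openGCM(dek, es.Ciphertext, aad)
}

// RewrapDEK rotates the KEK: only the small wrapped DEK is re-encrypted; the
// bulk ciphertext is untouched, which is what keeps periodic rotation cheap.
func RewrapDEK(oldKEK, newKEK []byte, recordID string, es EncryptedSecret) (EncryptedSecret, error) {
	dek, err := openGCM(oldKEK, es.WrappedDEK, recordAAD(recordID))
	if err != nil {
		return EncryptedSecret{}, err
	}
	wrapped, err := sealGCM(newKEK, dek, recordAAD(recordID))
	if err != nil {
		return EncryptedSecret{}, err
	}
	return EncryptedSecret{WrappedDEK: wrapped, Ciphertext: es.Ciphertext}, nil
}
```

Calling `DecryptSecret` with the same blob but a different record ID, or after flipping a single ciphertext byte, returns an error rather than plaintext, because GCM authenticates both the ciphertext and the AAD. After `RewrapDEK`, the old KEK can no longer open the record while the stored ciphertext is byte-for-byte unchanged.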

You can delete your OAuth grants or key-based credentials at any time at https://app.latenode.com/connections. Note that deleting an OAuth grant in Latenode.com removes the tokens we hold but does not revoke the authorization on the third-party side. To revoke it fully, remove Latenode.com's access through the third-party application's own OAuth management settings.

Encryption of Data in Transit and TLS (SSL) Certificates

When accessing Latenode.com's web application, all traffic between your device and Latenode.com services is encrypted in transit. This ensures that your data remains secure as it moves across the internet.

Regarding the management of certificates, Latenode.com leverages the Cloudflare SSL manager for all our certificates, including those used for custom domains. This approach removes the need for our team to handle the private keys of certificates directly, as Cloudflare securely manages them. Additionally, the renewal of these certificates is automated and managed by Cloudflare, ensuring continuous protection without manual intervention.

Data at Rest Encryption

At Latenode.com, we encrypt our customers' data at rest within our databases and data stores. To manage and protect the encryption keys we use AWS KMS, and all keys remain under Latenode.com's control.

Access to administer these keys is strictly limited to a select group of our team members, ensuring high-level security management.

Development process

At Latenode.com, we use GitLab for storing and versioning all our production code. This ensures that we have a robust system for tracking changes and maintaining code integrity. To protect our GitLab organization, employee access is secured with multi-factor authentication and a Virtual Private Network.

We have stringent policies in place regarding who can deploy code to production. Only authorized Latenode.com employees are permitted to do so. All deployments undergo thorough testing and are closely monitored both before and after release, ensuring the highest standards of quality and security.

Vulnerabilities

Latenode.com actively monitors our code, infrastructure, and core applications for any known vulnerabilities. Our team is committed to addressing and resolving critical vulnerabilities promptly and efficiently. This proactive approach to vulnerability management is a key part of our commitment to maintaining a secure and reliable platform for our users.

Payment Processing

Latenode.com has partnered with Stripe as our primary payment processor. When you subscribe to any of our paid plans, your payment method details are transmitted to and stored by Stripe in accordance with its security policies. Latenode.com itself does not retain any information about your payment method. This keeps your financial data within Stripe's industry-standard security controls.