Security

Your vector data is isolated, encrypted, and accessed only through authenticated API keys. Here's how we protect it.

Data isolation

Each client's vectors are stored in separate files on disk and loaded into isolated memory regions on workers. There is no shared data plane between clients. A query for client A never touches client B's data.

  • Per-client file-level isolation on disk
  • Separate memory regions per collection
  • API key scoped to a single client

Authentication

Every API request requires a valid API key passed in the Authorization header. Keys are hashed with xxHash3 and cached in an LRU for fast validation without hitting the database on every request.

  • API key authentication on every request
  • Keys can be rotated from the dashboard
  • Rate limiting per client (60 req/s default)
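The validation path described above (hash the presented key, check an LRU cache, fall back to the key store only on a miss) together with dashboard key rotation, as an added illustration that is not code from the service itself. Assumptions: a `Bearer <key>` scheme in the Authorization header, std's DefaultHasher standing in for xxHash3 so the example builds with no external crates, and an in-memory map standing in for the key database.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::{HashMap, VecDeque};
use std::hash::{Hash, Hasher};
// Stand-in for xxHash3 (assumption) so the example needs no external crates.
fn key_digest(k: &str) -> u64 { let mut h = DefaultHasher::new(); k.hash(&mut h); h.finish() }
pub struct KeyAuth {
    store: HashMap<u64, String>, // stand-in for the key database: digest -> client id
    cache: HashMap<u64, String>, // LRU entries, also digest -> client id
    order: VecDeque<u64>,        // recency order, front = least recently used
    cap: usize,
    pub db_lookups: usize,       // cache misses that had to consult the store
}
impl KeyAuth {
    pub fn new(cap: usize) -> Self {
        KeyAuth { store: HashMap::new(), cache: HashMap::new(), order: VecDeque::new(), cap, db_lookups: 0 }
    }
    pub fn issue(&mut self, client: &str, api_key: &str) { self.store.insert(key_digest(api_key), client.to_string()); }
    fn touch(&mut self, d: u64) {
        self.order.retain(|x| *x != d);
        self.order.push_back(d);
        if self.order.len() > self.cap {
            let evicted = self.order.pop_front().unwrap();
            self.cache.remove(&evicted);
        }
    }
    /// Validates an `Authorization: Bearer <key>` header value, returning the client id.
    pub fn validate(&mut self, header: &str) -> Option<String> {
        let d = key_digest(header.strip_prefix("Bearer ")?.trim());
        if let Some(c) = self.cache.get(&d).cloned() {
            self.touch(d);
            return Some(c);
        }
        self.db_lookups += 1; // cache miss: consult the store
        let c = self.store.get(&d)?.clone();
        self.cache.insert(d, c.clone());
        self.touch(d);
        Some(c)
    }
    /// Rotation evicts the old digest from the LRU as well as the store; otherwise
    /// the retired key would keep validating until it aged out of the cache.
    pub fn rotate(&mut self, old_key: &str, new_key: &str) -> bool {
        let old = key_digest(old_key);
        let client = match self.store.remove(&old) { Some(c) => c, None => return false };
        self.cache.remove(&old);
        self.order.retain(|x| *x != old);
        self.store.insert(key_digest(new_key), client);
        true
    }
}
```

Only digests are cached, never the raw keys, and a failed lookup is not cached, so an unknown key cannot occupy an LRU slot.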

Encryption

All client-to-coordinator traffic is encrypted with TLS 1.3 via nginx termination. Coordinator-to-worker traffic runs over an internal network. Data at rest is stored on encrypted volumes.

  • TLS 1.3 for all external connections
  • HTTPS enforced (HTTP redirects to HTTPS)
  • Encrypted storage volumes

Access control

The admin API is protected by a separate authentication token. OAuth 2.0 (Google and GitHub) is used for dashboard access. Session data is stored server-side in SQLite, not in cookies.

  • OAuth 2.0 for dashboard login
  • Admin API requires separate auth token
  • Server-side session storage

Infrastructure details

Network architecture

External traffic terminates at nginx, which handles TLS and proxies to the coordinator. Workers communicate with the coordinator over an internal network via WebSocket and are not exposed to the internet.

Secret management

Secrets (API keys, auth tokens, email credentials) are loaded from local environment files with restrictive permissions (chmod 600). No secrets are committed to source control or passed via command-line arguments.

Logging and audit

All API requests are logged with client ID, endpoint, and timestamp. Admin operations (client creation, tier changes, billing events) are recorded in SQLite with full audit trails.

Data retention

Vector data persists until explicitly deleted by the client or until a collection is removed. Census snapshots are archived daily. Paused-tier data is stored on HDD but is never deleted automatically.

Dependency management

The coordinator and workers are compiled Rust binaries with pinned dependency versions via Cargo.lock. Dependencies are audited for known vulnerabilities before upgrades.

Incident response

System health is monitored via the coordinator's health tracker. Worker disconnections trigger automatic query rerouting. Billing anomalies and auto-pause events generate email notifications.

Report a vulnerability

If you've found a security issue, please report it responsibly. We take all reports seriously and will respond within 24 hours.

security@vectorpanda.com