#is there any best practice if customer has sensitive data
Hi @rough lance. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
Based on the provided knowledge sources, I can offer some insights regarding best practices for handling sensitive data and EU data residency requirements with Convex:
- Sensitive Data Handling:
  - For sensitive data, Convex recommends implementing end-to-end encryption. This approach ensures that even Convex administrators cannot access the data. [Discord support thread: file storage: how to make the files private and secure (https://discord.com/channels/1019350475847499849/1291524926917836874)]
  - You can implement access control at both the row level and the API endpoint level using Convex functions. [Discord support thread: Advice. When to choose convex over alternatives? benefits caveats etc. (https://discord.com/channels/1019350475847499849/1246430328646664274)]
  - For file storage, you can use HTTP actions to check authentication before serving files, rather than using ctx.storage.getUrl directly. [Discord support thread: file storage: how to make the files private and secure (https://discord.com/channels/1019350475847499849/1291524926917836874)]
- EU Data Residency:
  - Currently, Convex does not offer EU data residency. All customer backends run in the US-East region. [Discord support thread: server region (https://discord.com/channels/1019350475847499849/1200217569563512853)]
  - Convex is aware of the importance of this feature for GDPR compliance and is planning to offer support for other regions, including the EU. However, as of the latest information, this is not expected until Q1 of next year. [Discord support thread: server region (https://discord.com/channels/1019350475847499849/1200217569563512853)]
  - For companies that require EU data residency for GDPR compliance, Convex may not be suitable at this time. [Discord support thread: GDPR compliance? (https://discord.com/channels/1019350475847499849/1111588909365858365)]
In summary, while Convex offers robust options for securing sensitive data, it currently does not meet EU data residency requirements. Companies with strict GDPR compliance needs may need to explore alternative solutions or wait for Convex to implement EU region support in the future.
@topaz fable do you think it is a good idea at the moment to use open-source Convex?
Let me check the knowledge base for you again. One moment! :books:
Based on the information provided in the knowledge sources, I can offer some insights about using the open-source version of Convex:
- Availability: Convex has indeed open-sourced its backend, client libraries, and CLI. The open-source backend is available on GitHub and contains the same up-to-date code used by the cloud service. [Open Source (https://docs.convex.dev/open-source)]
- Functionality: The open-source version supports all app APIs, meaning any project that runs in the cloud service can be run by the open-source backend. [Open Source (https://docs.convex.dev/open-source)]
- Use cases: The open-source version can be used for local testing or even in production. [Open Source (https://docs.convex.dev/open-source)]
- Limitations:
  - The open-source version doesn't include scale-out services, replicated database backend, production dashboard, or operational tooling. [Open Source (https://docs.convex.dev/open-source)]
  - There's currently no built-in web interface to browse database tables, although this feature is planned for the future. [Discord support thread: Does open source version of Convex have web interface? (https://discord.com/channels/1019350475847499849/1277564703224234107)]
  - Some features like scheduled functions and randomness mocking are not fully supported in the local backend. [Stack > Running tests using a local open-source backend > Limitations (https://stack.convex.dev/testing-with-local-oss-backend#limitations)]
- Management: If you choose to use the open-source version, you'll be responsible for managing it and ensuring the system is reliable and secure. [Open Source (https://docs.convex.dev/open-source)]
Whether using the open-source version of Convex is a good idea depends on your specific needs and resources. It could be beneficial for local development, testing, or if you need full control over your data and infrastructure. However, you'll miss out on the managed service benefits and some features of the cloud version.