Trust & Security
PerSQL runs on Cloudflare. Every database is an isolated SQLite instance with its own storage — no shared engine or pool between customers. The security documentation covers authentication, isolation, encryption, logging, and backups in full. Report a vulnerability to security@persql.com.
Controls
- Isolation — one isolated database per customer; no shared query engine, pool, or cache.
- Encryption — TLS 1.2+ in transit; provider-managed encryption at rest.
- Authentication — OAuth and email sign-in for the console; revocable, workspace-scoped bearer tokens for the API, stored hashed.
- Recovery — 30-day point-in-time recovery on every database, plus labeled snapshots and long-term archives.
- Auditability — Schema changes, membership changes, and schedule runs are recorded per workspace.
Compliance posture
- SOC 2 Not started
- PerSQL runs on Cloudflare infrastructure, which is independently SOC 2 Type II and ISO 27001 certified. We have not begun an audit of our own application-layer controls and will pursue one as enterprise demand warrants.
- GDPR Supported
- We act as a data processor and sign a Data Processing Addendum on request. Subprocessors are listed below.
- Data residency Supported
- Pin a database to a region — including Western Europe — at creation. Database contents stay in-region; the control-plane metadata store (IDs and slugs, never database contents) is global.
- HIPAA Not eligible
- We do not sign Business Associate Agreements (BAAs). Do not store protected health information (PHI) on PerSQL.
- PCI-DSS Out of scope
- Payments for PerSQL run through Stripe, so cardholder data never reaches our systems. PerSQL is not PCI-DSS assessed — do not store cardholder data (PANs) in your databases.
Subprocessors
Effective June 7, 2026. We notify workspace owners of material changes to this list before a new subprocessor begins processing customer data. Email security@persql.com to subscribe to change notices.
| Subprocessor | Purpose | Data | Location |
|---|---|---|---|
| Cloudflare, Inc. | Compute, database storage, edge networking, DNS, AI inference | Customer database contents, account metadata, usage telemetry | Global edge (region-pinnable per database) |
| Stripe, Inc. | Payments and billing | Email, workspace identifier, payment method (held by Stripe) | United States |
| Resend (Plus Five Five, Inc.) | Transactional email — alerts, invitations | Email addresses, member names | United States |
Data handling
Your database contents are your confidential data. We do not sell customer data and we do not use it to train machine-learning models. The natural-language query feature runs on Cloudflare Workers AI, which does not train on inputs. Query analytics record identifiers, row counts, and timing — not your SQL text or parameters.