Security

Your credentials are never the weak link

DB AI Magic was built with database secrets as the threat model. Every piece of sensitive data is encrypted, scoped, and audited.

  • AES-256-GCM at rest

    Every connection string is encrypted with authenticated AES-256-GCM before it hits the database. Keys never leave the server.

  • JWT + refresh tokens

    Short-lived access tokens with rotating refresh tokens. HTTP-only cookies, signed and verified on every request.

  • Granular RBAC

    Per-connection permissions (read, write, schema, export) with a per-action audit log. Revoke instantly.

  • Google OAuth2

    One-click sign-in via Google with intent capture, so we never silently link existing accounts.

  • In-memory decryption

    Decrypted credentials live only inside a request scope. Pools auto-evict; nothing is logged or echoed.

  • Rate-limited APIs

    All endpoints are rate-limited at the edge with sane defaults — easy to harden further per-tenant.

Looking for the full security overview, sub-processor list and responsible-disclosure policy? Read the security policy →
