Your security, our priority
Security isn’t just a layer—it’s the logic behind everything we build. We operate with a security-first mindset across our infrastructure and daily decisions. If you discover any vulnerability, bug, or issue that could impact Base44 or our users, please report it right away so we can review and address it quickly.
Governance, risk & compliance
At Base44, security and privacy aren’t just part of the process; they define it. From product design to everyday decisions, protecting data and earning trust are built into everything we do. We hold a SOC 2 Type II report and are aligned with GDPR standards, turning compliance from a requirement into a mindset. For payments, we partner with leading global providers to keep every transaction seamless and secure. Our security and privacy governance establishes clear structures and controls across the company, ensuring risks are identified, assessed, and managed responsibly.

Compliant
SOC 2 Type II
Independent audit framework evaluating the design and effectiveness of security and operational controls.

In progress
ISO 27001
International standards for managing information security and privacy controls.
Security you can build on
Security controls and compliance practices are applied consistently throughout all stages
Secure Software Development Lifecycle (SSDLC)
Security is at the core of every stage in how we design, build, and maintain our products. Through threat modeling, secure design, code reviews, and penetration testing, Base44 implements proven best practices to ensure reliable protection across the platform. These controls are integrated throughout the SDLC, enabling early identification and effective resolution of potential risks.
Penetration testing
We perform both internal tests and third-party penetration testing to validate the security of our environment. These assessments, based on OWASP methodologies, simulate real-world attack scenarios to identify vulnerabilities and evaluate the effectiveness of our defenses. All findings are reviewed, prioritized, and tracked as part of our continuous security improvement process.
Secure payments & anti-fraud
Payment processing is handled by trusted, PCI DSS–certified providers to ensure customer payment information remains secure and compliant with global standards. Sensitive payment data is encrypted in transit and is never stored within our environment. Our risk management framework protects against fraud, abuse, and safety threats across our entire platform. From secure payment processing to content moderation, we combine industry-leading third-party solutions with proprietary technologies to keep our community safe.
Third-party risk management
Base44 maintains a comprehensive Third-Party Risk Management (TPRM) program designed to ensure that all vendors comply with our security and compliance standards. Vendors are assessed against defined requirements, and their adherence is periodically validated to confirm ongoing alignment with our expectations.



Bug Bounty Program
We believe that transparency and collaboration are key to maintaining strong security. That’s why we operate a comprehensive bug bounty program that invites independent security researchers from around the world to responsibly disclose vulnerabilities. By opening our doors to the wider security community, we continuously challenge our systems, learn from diverse perspectives, and strengthen our defenses.
Every submission is carefully reviewed and validated by our security team to ensure accuracy and impact assessment. Confirmed vulnerabilities are prioritized for remediation according to their severity and potential risk. This structured process not only ensures rapid mitigation but also helps us continuously evolve and improve our overall security posture.
Our bug bounty program embodies our commitment to proactive security - turning potential threats into opportunities to grow stronger, together.
Subprocessors Directory














Mongo: Data storage and hosting (Country: US)
SendGrid: Email transmission and external communication (Country: US)
Langfuse: LLM logging (Country: Germany)
Logfire: General logging purposes (Country: UK)
Render: Server services (Country: US)
GCP - Google Cloud: Analytics services (Country: US)
OpenAI: API calls to LLM (Country: US)
Anthropic: API calls to LLM (Country: US)
Wix.com Ltd.: Providing and improving the services (Country: Israel)
Account security
Security is integrated into the platform by design, so every application starts protected, and you have the flexibility to take security even further.

Authentication & SSO
Individual Users: Base44 supports Google SSO, enabling secure and seamless authentication. We also support traditional email and password login, which includes anti-bot controls and email verification.
Enterprise Customers: Our platform supports multiple customer-managed SSO IdPs, giving organizations the power to enforce secure access and manage visibility across all their applications. Organizations have the option to enforce SSO across all apps built on Base44.

Application security center
As part of our built-in security offering, we provide users with an Application Security Center that scans each created app and guides them on how to avoid common security pitfalls — such as misconfigured RLS, exposed secrets, or unauthenticated API endpoints.

Data Access Control
Each dataset has its own security rules that define who can read, write, create, and delete records. Multiple rules are combined using OR logic.
