Your data, handled like ours.
We work on production databases for a living — credentials in plaintext, dumps with PII, and "temporary" access that someone forgot to revoke. We've seen all of it. Here's how we don't add to that pile.
Encrypted in transit
TLS 1.2+ on every connection. SSH tunnels for legacy targets. We refuse plaintext database connections, full stop.
No plaintext at rest
Connection strings and credentials are encrypted with Laravel's app key. Schema dumps live in private storage, never on the public disk.
Least privilege
We ask for the minimum role needed for each phase: read-only for audit, scoped DML for migration, briefly elevated for cutover. Access is revoked immediately after.
Staging by default
We never run experiments on production. Every change is validated on a staging copy first, with a written go / no-go gate before cutover.
PII-aware sanitisation
Schema dumps for analysis are sanitised — emails hashed, PII columns masked, payment data removed. We do not need real customer data to do our job.
Audit trail
Every connection we make is logged on our side. You can ask for the log at any point and we hand it over.
What we do with your data.
Four checkpoints, from "you sent it" to "we deleted it".
Credentials and dumps come in over TLS via our encrypted upload endpoint or your preferred secret manager. We never accept credentials over email.
Access is scoped to one engineer + one staging environment. Every read or write is logged on our side. Nothing is mirrored to local laptops or unmanaged storage.
Before any analysis output leaves our environment, dumps are sanitised — PII masked, payment data removed. Reports never include raw rows from your tables.
Within 30 days of order completion, your dump, credentials, and staging copy are securely deleted. You receive a deletion confirmation in writing.
Need an NDA or DPA before we talk?
We sign mutual NDAs and standard DPAs with no fuss. Email us and we'll have something back the same day.