Application Isolation

Quickbase ensures customer data is safe and secure by using a multi-tenant architecture. Application data lives in shared data stores, such as databases and file systems. Data may also be hosted in the same memory space of a runtime instance.

Quickbase also takes deliberate measures in the following areas to keep data safe and secure.

Role-based permissions for applications

Quickbase has RBAC for every application. This means RBAC is embedded throughout the entire runtime instance. Only people granted access to your application have access to the data. This applies to both activities in the UI and activities run through APIs.

Runtime engine runs on application metadata, not code

Unlike other products, Quickbase does not run or host code. The runtime engine runs exclusively on application metadata. Even with multiple applications hosted within the same memory space, a malicious actor cannot run code on the Quickbase platform that may exfiltrate your data.

Encryption at the platform level and application level

All communications sent to and from Quickbase over non-trusted Internet networks are encrypted using an up-to-256 bit (SHA2) TLS certificate, TLS 1.2 and 1.3.

Quickbase encrypts all customer app data and any files attached therein using an AES256 key. Additionally, all data at rest is also encrypted using AES256 or better.

Every application in Quickbase is encrypted with its own unique data key. Thus, two copies of an application will appear completely different at rest. You can pair this with our customer-held encryption key feature which lets you control how we store your data keys.