
Security

CronDB is designed with security in mind. This page covers authentication options, API key security, session management, and best practices for protecting your account.

Security Settings

Authentication Methods

Email & Password

The default authentication method. Requirements:

  • Minimum 8 characters
  • At least one uppercase letter, one number, and one special character
  • Password is hashed with bcrypt before storage
  • CronDB never stores plaintext passwords

Google OAuth

Sign in with your Google account:

  1. Click Continue with Google on the login page
  2. Authorize CronDB to access your basic profile
  3. No separate password needed

Benefits:

  • Inherits your Google account's security (2FA, device management)
  • No CronDB-specific password to manage
  • Faster sign-in experience

SSO / SAML (Enterprise)

Enterprise plan customers can configure SAML-based SSO:

  1. Contact support@crondb.com to enable SSO
  2. Configure your identity provider (Okta, Azure AD, OneLogin, etc.)
  3. Provide your SAML metadata URL
  4. Team members sign in through your corporate identity provider

SSO benefits:

  • Centralized authentication management
  • Automatic provisioning and deprovisioning
  • Compliance with corporate security policies

API Key Security

Key Storage

  • API keys are hashed before storage using SHA-256
  • The full key is displayed only once at creation
  • CronDB cannot retrieve your original key
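
The hash-only storage pattern described above, as an added illustration (not CronDB's own code): the full key is returned once at creation, only its SHA-256 digest is kept, and verification re-hashes whatever the client presents. The `example_` key format, the in-memory `KEY_DIGESTS` store and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store: key id -> hex SHA-256 digest of the full key.
# A real service would use a database; the plaintext key is never kept.
KEY_DIGESTS: dict[str, str] = {}


def _digest(api_key: str) -> str:
    # A fast hash is acceptable here because the key is long and random;
    # human-chosen passwords need a slow hash such as bcrypt instead.
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def create_api_key() -> tuple[str, str]:
    """Return (key_id, full_key). This return value is the only copy of the key."""
    key_id = secrets.token_hex(4)             # public identifier, safe to log
    secret = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    full_key = f"example_{key_id}_{secret}"   # constructed format (assumption)
    KEY_DIGESTS[key_id] = _digest(full_key)
    return key_id, full_key


def verify_api_key(presented: str) -> bool:
    """Re-hash the presented key and compare it to the stored digest."""
    parts = presented.split("_", 2)           # the secret itself may contain "_"
    if len(parts) != 3 or parts[0] != "example":
        return False
    stored = KEY_DIGESTS.get(parts[1])
    if stored is None:                         # unknown or revoked key id
        return False
    # Constant-time comparison avoids leaking digest prefixes through timing.
    return hmac.compare_digest(stored, _digest(presented))


def revoke_api_key(key_id: str) -> bool:
    """Delete the digest; the key stops verifying immediately."""
    return KEY_DIGESTS.pop(key_id, None) is not None
```

Because only the digest is stored, a lost key cannot be recovered from the store and has to be replaced with a new one.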

Key Rotation

Rotate keys periodically (recommended every 90 days):

  1. Create a new API key
  2. Update your applications to use the new key
  3. Verify the new key works in production
  4. Revoke the old key

Compromised Key Response

If you suspect an API key has been compromised:

  1. Revoke the key immediately — Go to Developer → API Keys → Revoke
  2. Create a new key — Generate a replacement
  3. Check usage logs — Review recent API calls for unauthorized activity
  4. Update your applications — Deploy the new key
  5. Audit access — Review who had access to the old key

Act Quickly

A compromised API key can be used to consume your quota, access your enrichment data, and make requests on your behalf. Revoke it as soon as you suspect a compromise.

Session Management

Session Duration

  • Web sessions — Expire after 7 days of inactivity
  • Active sessions — Remain active as long as you interact with the dashboard
  • Remember me — Extends session to 30 days

Viewing Active Sessions

  1. Go to Account → Settings → Security → Active Sessions
  2. See all devices and browsers where you are logged in
  3. Each session shows: device type, browser, IP address, last activity

Revoking Sessions

Click Revoke next to any session to log out that device:

  • Useful if you forgot to log out on a shared computer
  • The revoked session is terminated immediately
  • Revoke All logs out all devices except your current session

Data Security

Encryption

| Data | Encryption |
|---|---|
| Data in transit | TLS 1.3 |
| Data at rest | AES-256 |
| API keys | SHA-256 hash |
| Passwords | bcrypt |

Infrastructure

  • CronDB runs on secure cloud infrastructure
  • Regular security audits and penetration testing
  • SOC 2 compliance (Enterprise plan)
  • GDPR-compliant data processing

Data Retention

| Data Type | Retention |
|---|---|
| Domain data | Updated continuously |
| Lead lists | Until deleted by user |
| API logs | 90 days |
| Usage data | 12 months |
| Deleted accounts | 30 days, then permanently purged |

Best Practices

For Your Account

  1. Use a strong, unique password — Do not reuse passwords from other services
  2. Use Google OAuth — Leverages Google's security infrastructure
  3. Review sessions regularly — Check for unauthorized access
  4. Keep your email current — Ensures you receive security notifications

For API Keys

  1. Never hardcode keys — Use environment variables or secrets managers
  2. Never commit keys to git — Add .env to your .gitignore
  3. Use separate keys per environment — Isolate production from development
  4. Rotate keys every 90 days — Minimize exposure window
  5. Monitor usage — Watch for unexpected spikes or patterns

For Teams

  1. Use least-privilege roles — Assign Viewer roles unless Member access is needed
  2. Remove departing members promptly — Revoke access when people leave
  3. Use SSO if available — Centralized access control for Enterprise
  4. Audit the activity log — Review team actions periodically

Reporting Security Issues

If you discover a security vulnerability in CronDB:

  • Email security@crondb.com
  • Include a detailed description of the issue
  • Do not publicly disclose the vulnerability before it is resolved
  • We aim to acknowledge reports within 24 hours
