├── README.md
├── aidmin-demo-final.mp4
├── docs
    └── ssh-tunneling.md
├── legal
    ├── privacy-policy.md
    └── terms-of-service.md
└── security-overview.md


/README.md:
--------------------------------------------------------------------------------
 1 | # Aidmin - Your database helper.
 2 | 
 3 | Welcome to the temporary homepage for Aidmin.
 4 | 
 5 | https://user-images.githubusercontent.com/882228/115136839-3d4a5a00-9fd7-11eb-9dfa-567cf5d13f9b.mp4
 6 | 
 7 | [Higher Quality Demo](https://www.loom.com/share/961636d33578410baec67582cffb3411)
 8 | 
 9 | ## Beta
10 | 
11 | The beta version of Aidmin can be found here: https://app.aidmin.io.
12 | 
13 | Aidmin is still in early development, and we'd love to get your feedback on which features are important to you. If you come across any bugs, please open an [issue](https://github.com/aidmin-io/aidmin/issues) against this repository and we'll be sure to address them in a timely manner. Similarly, if you'd like to submit a feature suggestion or have other ideas, please post in the [Discussion](https://github.com/aidmin-io/docs/discussions/categories/ideas) board.
14 | 
15 | ## What problems does Aidmin solve?
16 | 
17 | Give's your organization access to the database. Every early stage startup has certain actions only developers can perform, because it is often the case that only they have access to the database. Aidmin provides a simple spreadsheet like interface that anyone can use, granular role based access, and a full audit log.
18 | 
19 | **Other features:**
20 | 
21 | - Make multiple changes to a table (including adding and deleting rows), preview the SQL it is going to run, and then execute it.
22 | - Access to the database via SSO (Google only right now). Each user doesn't have to deal with connecting via a bastion host or having database credentials, and administrators don't have to worry about onboarding / offboarding access to bastion hosts and the databases themselves.
23 | - You can have well defined roles (Support, Product, etc) with very granular access:
24 |   - The Product team can toggle features, but not add or remove them.
25 |   - The Support team can view your change data capture tables but only the metadata.
26 |   - The Finance team can override billing details.
27 | - Get a detailed log of queries that are run against your database. We tell you what kind of action was performed, who performed it, how long it took, along with relevant contextual data.
28 | - Send deep links to filtered information inside a table.
29 | 
30 | **Coming soon:**
31 | 
32 | - Shared queries that will adapt to the role the user has.
33 | - Talk to us about your needs at product@aidmin.io.
34 | 
35 | ## Legal
36 | 
37 | - [Privacy Policy](https://github.com/aidmin-io/docs/blob/main/legal/privacy-policy.md)
38 | - [Terms of Service](https://github.com/aidmin-io/docs/blob/main/legal/terms-of-service.md)
39 | 
40 | ## Security
41 | 
42 | - [Security Overview](https://github.com/aidmin-io/docs/blob/main/security-overview.md)
43 | 
44 | ## Documentation
45 | 
46 | - [SSH Tunneling](https://github.com/aidmin-io/docs/blob/main/docs/ssh-tunneling.md)
47 | 


--------------------------------------------------------------------------------
/aidmin-demo-final.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aidmin-io/docs/40c8a1ed7c57f2ec62943d2c895a09e085ad30ea/aidmin-demo-final.mp4


--------------------------------------------------------------------------------
/docs/ssh-tunneling.md:
--------------------------------------------------------------------------------
 1 | # SSH Tunneling
 2 | 
 3 | It's a common practice to put your database in a private subnet, which means it is not accessible from outside of the network.
 4 | 
 5 | In order for Aidmin to communicate with a database that is not public, we support being able to communicate over a bastion host.
 6 | 
 7 | ## Security Details
 8 | 
 9 | Aidmin generates a private key for your workspace (which is encrypted in our database and then again at rest) that it uses to communicate with your bastion host. Aidmin then expects a user called `aidmin` to be setup on the bastion host and provides a public key for passwordless authentication.
10 | 
11 | ## Steps
12 | 
13 | 1. Create a user called `aidmin` on the bastion host
14 |    - Ubuntu: `sudo adduser aidmin --disabled-password`
15 |    - Amazon Linux: `sudo adduser aidmin --password NP`
16 | 2. Login as root
17 |    - `sudo su`
18 | 3. Create the authorized_keys file if it does not exist yet
19 |    - `mkdir -p /home/aidmin/.ssh`
20 |    - `touch /home/aidmin/.ssh/authorized_keys`
21 | 4. Use your favourite editor to add Aidmin's public key to the file
22 |    - `vim /home/aidmin/.ssh/authorized_keys`
23 | 5. Set proper permissions on the authorized_keys file
24 |    - `chmod 644 /home/aidmin/.ssh/authorized_keys`
25 |    - `chown aidmin:aidmin /home/aidmin/.ssh/authorized_keys`
26 | 


--------------------------------------------------------------------------------
/legal/privacy-policy.md:
--------------------------------------------------------------------------------
 1 | # Privacy Policy
 2 | 
 3 | The privacy of your data is a big deal to us. In this policy, we lay out: what data we collect and why and how your data is handled. We promise we never sell your data: never have, never will.
 4 | 
 5 | This policy applies to our website (https://aidmin.io) and the application (https://app.aidmin.io).
 6 | 
 7 | ## What we collect and why
 8 | 
 9 | Our guiding principle is to collect only what we need. Here's what that means in practice:
10 | 
11 | ### Identity & Access
12 | 
13 | When you sign up for Aidmin, we typically ask for identifying information such as your name, email address, and later, a company name. That's just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We'll never sell your personal info to third parties, and we won't use your name or company in marketing statements without your permission either.
14 | 
15 | ### Billing information
16 | 
17 | When you pay for Aidmin, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn't ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number and as-of billing address, for account history, invoicing, and billing support. We store your billing address to calculate any sales tax due in the United States or VAT in the EU, to detect fraudulent credit card transactions, and to print on your invoices.
18 | 
19 | ### Usage data
20 | 
21 | When you browse our marketing pages or applications, your browser automatically shares certain information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, page load timing, and which website referred you for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. These web analytics data are tied to your IP address and user account if applicable and you are signed into our Services. We blind all of these individual identifiers after 30 days.
22 | 
23 | ## When we access or share your information
24 | 
25 | Our default practice is to not access your information. The only times we'll ever access or share your info are:
26 | 
27 | _To help you troubleshoot or squash a software bug, with your permission._ If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
28 | 
29 | _To investigate, prevent, or take action regarding restricted uses_. Accessing a customer's account when investigating potential abuse is a measure of last resort. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.
30 | 
31 | _When required under applicable law._
32 | 
33 | Aidmin, Inc is a Canadian company and all data infrastructure are located in the US.
34 | 
35 | - If US law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring we share data, we have to comply. Otherwise, we flat-out reject requests from local and federal law enforcement when they seek data. And unless we're legally prevented from it, we'll always inform you when such requests are made. In the event a government authority outside the US approaches Aidmin with a request, our default stance is to refuse unless the US government compels us to comply through procedures outlined in a mutual legal assistance treaty or agreement. _We have never received a National Security Letter or Foreign Intelligence Surveillance Act (FISA) order._
36 | - Similarly, if Aidmin receives a request to preserve data, we refuse unless compelled by either the US Federal Stored Communications Act, 18 U.S.C. Section 2703(f) or a properly served US subpoena for civil matters. In both of these situations, we have to comply. In these situations, we notify affected customers as soon as possible unless we are legally prohibited from doing so. We do not share preserved data unless absolutely required under the Stored Communications Act or compelled by a court order that we choose not to appeal. Furthermore, unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we destroy any preserved copies we made of customer data once the preservation period lapses.
37 | - If we are audited by a tax authority, we may be required to share billing-related information. If that happens, we only share the bare minimum needed such as billing addresses and tax exemption information.
38 |   Finally, if Aidmin Inc. is acquired by or merged with another company — we don't plan on that, but if it happens — we'll notify you well before any info about you is transferred and becomes subject to a different privacy policy.
39 | 
40 | ## Location of site and data
41 | 
42 | Our products and other web properties are operated in the United States. If you are located in the European Union or elsewhere outside of the United States, _please be aware that any information you provide to us will be transferred to and stored in the United States._ By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
43 | 
44 | ## Consent
45 | 
46 | By using our site, you consent to this Privacy Policy.
47 | 
48 | ## Contacting us
49 | 
50 | If you have any questions, comments, or concerns about this privacy policy, please contact us using the following contact information:
51 | 
52 | ```
53 | Aidmin Inc.
54 | Attn: Privacy
55 | 301-8720 Lansdowne Road,
56 | Richmond, BC V6X 1B9, Canada.
57 | privacy@aidmin.io
58 | ```
59 | 


--------------------------------------------------------------------------------
/legal/terms-of-service.md:
--------------------------------------------------------------------------------
 1 | # Terms of Service
 2 | 
 3 | ## 1. Acceptance of the Terms and Conditions.
 4 | 
 5 | 1.1 Aidmin Inc. (herein referred to as the "Aidmin," "we," "us" or "our") provides and makes available this web site (the "Site"). All use of the Site is subject to the terms and conditions contained in these Website Terms and Conditions (this "Agreement"). Please read this Agreement carefully. By accessing, browsing or otherwise using the Site, you acknowledge that you have read, understood, and agree to be bound by this Agreement. If you do not accept the terms and conditions of this Agreement, you shall not access, browse or use the Site. You understand and agree that your use of our data management and analytics platform and services (the "Services") shall not be governed by this Agreement, but rather by your company’s or organization’s agreement with Aidmin covering such Services. However, please note that your access to and use of the Site and any Services are also subject to Aidmin's Privacy Policy located at https://github.com/aidmin-io/docs/blob/main/legal/privacy-policy.md.
 6 | 
 7 | 1.2 You understand and agree that we may change this Agreement at any time without prior notice. You may read a current, effective copy of this Agreement at any time by selecting the “Terms of Use” link on the Site. Any such changes will become effective no earlier than fourteen (14) days after being posted, except that changes addressing new functions of the Services or changes made for legal reasons may become effective immediately. Any use of the Site after such date shall constitute your acceptance of such revised terms and conditions. If any change to this Agreement is not acceptable to you, your sole remedy is to cease accessing, browsing and otherwise using the Site.
 8 | 
 9 | ## 2. Use of the Site.
10 | 
11 | 2.1 This Site contains material, including but not limited to software, text, graphics and images (collectively referred to as the "Content"). We may own the Content or portions of the Content may be made available to us through arrangements that we have with third-parties. The Content is protected by United States and foreign intellectual property laws. Unauthorized use of the Content may result in violation of copyright, trademark, and other laws. You have no rights in or to the Content, and you will not copy the Content and will only access and use the Content for your personal purposes. You may not sell, transfer, assign, license, sublicense, or modify the Content or reproduce, display, publicly perform, make a derivative version of, distribute, or otherwise use the Content in any way for any public or commercial purpose. The use or posting of any of the Content on any other web site or computer network for any purpose is expressly prohibited. If you violate any part of this Agreement, your right to access and/or use the Content and Site shall automatically terminate.
12 | 
13 | 2.2 The trademarks, service marks, and logos of Aidmin (the "Aidmin Trademarks") used and displayed on this Site are registered and unregistered trademarks or service marks of Aidmin. Other companies, products, and service names located on the Site may be trademarks or service marks owned by third-parties (the “Third-Party Trademarks”, and, collectively with the Aidmin Trademarks, the "Trademarks"). Nothing on this Site or in this Agreement should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed on this Site without the prior written consent of Aidmin specific for each such use. The Trademarks may not be used to disparage Aidmin or the applicable third-party, Aidmin's or third-party’s products or services, or in any manner (using commercially reasonable judgment) that may damage any goodwill in the Trademarks. Use of any Trademarks as part of a link to or from any web site is prohibited without Aidmin's prior written consent. All goodwill generated from the use of any Aidmin Trademark shall inure to Aidmin's benefit.
14 | 
15 | 2.3 You agree not to: (a) take any action that imposes an unreasonable load on the Site’s infrastructure, (b) use any device, software or routine to interfere or attempt to interfere with the proper working of the Site or any activity being conducted on the Site, (c) attempt to decipher, decompile, disassemble or reverse engineer any of the software comprising or making up the Site, (d) delete or alter any material posted on the Site by Aidmin or any other person or entity, or (e) frame or link to any of the materials or information available on the Site.
16 | 
17 | 2.4 The Site contains links to third-party web sites ("External Sites"). These links are provided solely as a convenience to you and not as an endorsement by us of the content on such External Sites. The content of such External Sites is developed and provided by others. You should contact a representative of those External Sites if you have any concerns regarding such links or any content located on such External Sites.
18 | 
19 | We are not responsible for the content of any linked External Sites and do not make any representations regarding the content or accuracy of any materials on such External Sites. You should take precautions when downloading files from all web sites to protect your computer from viruses and other destructive programs. If you decide to access any External Sites, you do so at your own risk.
20 | 
21 | 2.5 Certain elements of the Site are protected by trade dress, trademark, unfair competition, and other state and federal laws and may not be copied or imitated in whole or in part, by any means, including but not limited to, the use of framing or mirrors, except as otherwise expressly permitted by Section 2.1 of the Agreement. None of the Content for this Site may be retransmitted without the express written consent from Aidmin for each and every instance.
22 | 
23 | 2.6 You may from time to time provide suggestions, comments for enhancements or functionality or other feedback ("Feedback") to us with respect to the Site or Content. We shall have full discretion to determine whether or not to proceed with the development or implementation of any Feedback. You hereby grant Aidmin a royalty-free, fully paid up, worldwide, transferable, sublicenseable, irrevocable, perpetual license to (a) copy, distribute, transmit, display, perform, and create derivative works of the Feedback; and (b) use the Feedback and/or any subject matter thereof, including without limitation, the right to develop, manufacture, have manufactured, market, promote, sell, have sold, offer for sale, have offered for sale, import, have imported, rent, provide and/or lease products or services which practice or embody, or are configured for use in practicing, the Feedback and/or any subject matter of the Feedback.
24 | 
25 | ## 3. Limitation of Liability and Disclaimer of Warranties.
26 | 
27 | 3.1. AIDMIN, ITS AFFILIATES, THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS (COLLECTIVELY, THE "AIDMIN PARTIES") MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE SITE OR CONTENT, INCLUDING BUT NOT LIMITED TO ITS ACCURACY, COMPLETENESS, TIMELINESS OR RELIABILITY. THE AIDMIN PARTIES SHALL NOT BE SUBJECT TO LIABILITY FOR THE TRUTH, ACCURACY OR COMPLETENESS OF THE SITE OR CONTENT OR ANY OTHER INFORMATION CONVEYED TO THE USER OR FOR ERRORS, MISTAKES OR OMISSIONS THEREIN OR FOR ANY DELAYS OR INTERRUPTIONS OF THE DATA OR INFORMATION STREAM FROM WHATEVER CAUSE. YOU AGREE THAT YOU USE THE SITE AND THE CONTENT AT YOUR OWN RISK.
28 | 
29 | THE AIDMIN PARTIES DO NOT WARRANT THAT THE SITE WILL OPERATE ERROR FREE OR THAT THE SITE, ITS SERVER, OR THE CONTENT ARE FREE OF COMPUTER VIRUSES OR SIMILAR CONTAMINATION OR DESTRUCTIVE FEATURES. IF YOUR USE OF THE SITE OR THE CONTENT RESULTS IN THE NEED FOR SERVICING OR REPLACING EQUIPMENT OR DATA, NO AIDMIN PARTY SHALL BE RESPONSIBLE FOR THOSE COSTS.
30 | 
31 | THE SITE AND CONTENT ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT ANY WARRANTIES OF ANY KIND. THE AIDMIN PARTIES DISCLAIM ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF TITLE, MERCHANTABILITY, NONINFRINGEMENT OF THIRD PARTIES RIGHTS, AND FITNESS FOR PARTICULAR PURPOSE.
32 | 
33 | 3.2 IN NO EVENT SHALL ANY AIDMIN PARTY BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, INCIDENTAL AND CONSEQUENTIAL DAMAGES, LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS INTERRUPTION) RESULTING FROM THE USE OR INABILITY TO USE THE SITE AND THE CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, EVEN IF SUCH AIDMIN PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
34 | 
35 | 3.3. SOME STATES DO NOT ALLOW THE DISCLAIMER OR EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, IN SUCH STATES, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU OR BE ENFORCEABLE WITH RESPECT TO YOU, AND THE LIABILITY OF THE AIDMIN PARTIES SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
36 | 
37 | 3.4 IF YOU ARE FROM NEW JERSEY, THE FOREGOING SECTIONS 3.1 AND 3.2 ARE INTENDED TO BE ONLY AS BROAD AS IS PERMITTED UNDER THE LAWS OF THE STATE OF NEW JERSEY. IF ANY PORTION OF THESE SECTIONS IS HELD TO BE INVALID UNDER THE LAWS OF THE STATE OF NEW JERSEY, THE INVALIDITY OF SUCH PORTION SHALL NOT AFFECT THE VALIDITY OF THE REMAINING PORTIONS OF THE APPLICABLE SECTIONS.
38 | 
39 | ## 4. Indemnification.
40 | 
41 | You agree to defend, indemnify, and hold harmless the Aidmin Parties from and against any claims, actions or demands, including, without limitation, reasonable legal and accounting fees, arising or resulting from your breach of this Agreement or your access to, use or misuse of the Content or Site. Aidmin shall provide notice to you of any such claim, suit, or proceeding. Aidmin reserves the right to assume the exclusive defense and control of any matter which is subject to indemnification under this section. In such case, you agree to cooperate with any reasonable requests assisting Aidmin's defense of such matter.
42 | 
43 | ## 5. Termination of the Agreement.
44 | 
45 | 5.1 Aidmin reserves the right, in its sole discretion, to restrict, suspend, or terminate this Agreement and your access to all or any part of the Site or the Content at any time and for any reason without prior notice or liability. Aidmin reserves the right to change, suspend, or discontinue all or any part of the Site or the Content at any time without prior notice or liability.
46 | 
47 | 5.2 Sections 2 (Use of the Site), 3 (Limitation of Liability and Warranty), 4 (Indemnification), 5 (Termination of Agreement), and 8 (Miscellaneous) shall survive the termination of this Agreement.
48 | 
49 | ## 6. User Must Comply with Applicable Laws.
50 | 
51 | 6.1 This Site is hosted in the United States. We make no claims concerning whether the Content may be downloaded, viewed, or be appropriate for use outside of the United States. If you access the Site or the Content from outside of the United States, you do so at your own risk. Whether inside or outside of the United States, you are solely responsible for ensuring compliance with the laws of your specific jurisdiction.
52 | 
53 | 6.2 The United States controls the export of products and information. You expressly agree to comply with such restrictions and not to export or re-export any of the Content to countries or persons prohibited under the export control laws. By downloading the Content, you are expressly agreeing that you are not in a country where such export is prohibited or are a person or entity for which such export is prohibited. You are solely responsible for compliance with the laws of your specific jurisdiction regarding the import, export, or re-export of the Content.
54 | 
55 | ## 7. U.S. Government Restricted Rights.
56 | 
57 | The Content is provided with “RESTRICTED RIGHTS.” Use, duplication, or disclosure by the Government is subject to the restrictions contained in 48 CFR 52.227-19 and 48 CFR 252.227-7013 et seq. or its successor. Use of the Site or Content by the Government constitutes acknowledgement of our proprietary rights in the Site and Content.
58 | 
59 | ## 8. Miscellaneous.
60 | 
61 | 8.1 This Agreement has been made in and shall be construed and enforced in accordance with the laws of the jurisdiction of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
62 | 
63 | 8.2 Any dispute or claim arising out of or relating to this Agreement will be referred to and finally resolved by arbitration administered by the British Columbia International Commercial Arbitration Centre pursuant to its applicable Rules. The place of arbitration shall be Vancouver, British Columbia, Canada and the language of the arbitration shall be English. The number of arbitrators shall be one. Notwithstanding the foregoing, Aidmin may seek and obtain injunctive relief in any jurisdiction in any court of competent jurisdiction and you agree that this Agreement is specifically enforceable by Aidmin through injunctive relief and other equitable remedies without proof of monetary damages.
64 | 
65 | 8.3 If any portion of this Agreement is deemed unlawful, void or unenforceable by any arbitrator or court of competent jurisdiction, this Agreement as a whole will not be deemed unlawful, void or unenforceable, but only that portion of this Agreement that is unlawful, void or unenforceable will be stricken from this Agreement.
66 | 
67 | 8.4 You agree that if Aidmin does not exercise or enforce any legal right or remedy which is contained in the Agreement (or which Aidmin has the benefit of under any applicable law), this will not be taken to be a formal waiver of Aidmin's rights and that those rights or remedies will still be available to Aidmin.
68 | 
69 | 8.5 This Agreement is the entire agreement between us related to the subject matter in this Agreement. This Agreement replaces and supersedes any other prior or contemporaneous agreement, representation or discussion, oral or written, and may not be changed except in writing signed by us, regardless of whether or not the parties act under an unsigned “electronic” agreement or rely on such an unsigned agreement.
70 | 


--------------------------------------------------------------------------------
/security-overview.md:
--------------------------------------------------------------------------------
 1 | # Security Overview
 2 | 
 3 | In order for Aidmin to help you manage your database, we require that you share your database credentials with us. That means we have a great deal of responsibility to keep you safe, and we take this responsibility very seriously.
 4 | 
 5 | We only store data you provide to us to help you manage Aidmin, which is your users, data sources, and roles. Your database schema is stored in an in-memory cache (never stored at rest), and we never store any data, even in a cache, that is queried from your database.
 6 | 
 7 | ## Full encryption
 8 | 
 9 | Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.
10 | 
11 | All connections to databases that support encryption are always encrypted.
12 | 
13 | All data we store is encrypted at rest.
14 | 
15 | ## We protect your credentials
16 | 
17 | Your database credentials (and any generated SSH private keys) are encrypted in our database with a key that is unique to each workspace. This information is also encrypted again when stored at rest. If an attacker was to get a copy of the full database, they would be unable to to see your database connection details.
18 | 
19 | Only users with the "Owner" role have permission to view your connection details decrypted in the connection editor.
20 | 
21 | ## Abstractions over querying
22 | 
23 | When a user on Aidmin sends a query to your database, we first build an [AST](https://en.wikipedia.org/wiki/Abstract_syntax_tree) that describes the changes, then validate that the user has permission to make those changes, and then convert that AST into a query that is suited for the type of database you are using.
24 | 
25 | This layer of abstraction allows us to be confident that there can be no [SQL Injections](https://en.wikipedia.org/wiki/SQL_injection) and that the user can only perform actions they are allowed to.
26 | 
27 | ## Physical Security
28 | 
29 | Our servers are hosted on Amazon Web Services, located in US data centers that are SOC 1, SOC 2 and ISO 27001 certified. Read more about [AWS Data Center Controls](https://aws.amazon.com/compliance/data-center/controls/).
30 | 


--------------------------------------------------------------------------------