Search results
Suggest a FeaturePDF

Overview of Bold Reports Security

Security is one of the biggest considerations for every SaaS (Software as a Service) product. We have built Bold Reports SaaS on Google Cloud Platform (GCP), which is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance with the most comprehensive set of compliance offerings of any cloud service provider.

This document explains the important security features handled by Bold Reports for customer fulfillment, such as GCP security, authentication, authorization, data security, application security, disaster recovery and business continuity, network security, application monitoring, stripe payment gateway, and more.

Google Cloud Platform security

Google Cloud Platform (GCP) has multiple layers of security controls and features to ensure the confidentiality, integrity, and availability of Bold Reports Cloud data. GCP is the first line of defense in protecting your Bold Reports resources in Google, which helps prevent, detect, and respond to threats with increased visibility into and control over the security of your Bold Reports resources. It provides integrated security monitoring and policy management across our service, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.

Overall, GCP provides a robust security framework that includes multiple layers of security controls and features to protect Bold Reports data and infrastructure.


Authentication verifies the user’s identity. Anyone who wants to access and manage the resource such as reports, data source and dataset must be a user of the Bold Reports cloud application. The Bold Reports cloud can be configured to use either local or external authentication to validate the authenticity its the user.

Local authentication

In local authentication, Bold Reports cloud validates the user authentication by comparing the provided credentials with the details stored in the Bold Reports PostgreSQL database.

External authentication

Bold Reports cloud can be configured with Azure Active Directory as external authentication provider.

Azure Active Directory

Bold Reports Cloud can be configured to use Azure Active Directory for importing users into Bold Reports cloud and validating their authentication. Users will be logged into Bold Reports cloud once they are validated and authenticated by Azure by providing their credentials.


Authorization refers to which resources, such as reports, data sources or datasets, users can access on the Bold Reports cloud after authentication has been verified.

Authorization includes:

  • Which users are allowed to create new reports or manage existing reports.
  • Which users are allowed to create new data sources or manage existing data sources.
  • Which users are allowed to create new datasets or manage existing datasets.
  • Which users are allowed to create new the schedules or manage existing schedules.
  • Which users are allowed to perform admin roles on Bold Reports, such as adding users and configuring server settings.

Data security

Bold Reports cloud provides support to control which users can see which reports, data sources and datasets. For data sources that connect to live databases, you can also control the users based on their permissions. There are read, write, create, and delete permissions, which can be assigned to users and groups. Without the read permission, no user could see your data source, dataset and reports.

Bold Reports cloud does not have access to the following information, except for limited access with customer permission for support and troubleshooting:

  • Tenant and its users’ information
  • App configuration such as site settings, subscription details, and more.
  • Data sources, datasets, and report details that have been added to the Bold Reports application.

Postgresql database security

Security is a top concern for managing databases, and it has always been a priority for PostgreSQL database and it is a popular open-source relational database management system that is used by Bold Reports cloud to store and manage the data. PostgreSQL database supports connection security with firewall rules and connection encryption. All PostgreSQL databases are configured with a firewall rule that connections should only be allowed from the Bold Reports cloud application.

Protection of database:
PostgreSQL database helps secure your data by providing encryption:

  • Encryption: PostgreSQL supports encryption at different levels, including encryption of data in transit (using SSL/TLS) and encryption of data at rest (using tools like dm-crypt, LUKS, or other file system-level encryption mechanisms).

Within the Bold Reports cloud application

Within the Bold Reports cloud application, Bold Reports cloud provides a flexible permission system with which you can control access to reports, data sources, and datasets.

Between the Bold Reports cloud tenants

Every tenant user can only log in to their own tenant and access the resources. Each tenant is deployed with its own database and resource storage, which ensures that data from one tenant is not shared with another. Also, users belonging to one tenant can only see users from the same tenant and share reports with those users. Users must have permissions to view and access the reports and resources created by another user within the same tenant.

Data isolation

Bold Reports cloud uses Microsoft Azure blob storage and a PostgreSQL database to store customer data. Each customer’s data is logically separated from other customers’ data using their unique identity. This set of identities is stored in another PostgreSQL database for lookup purposes. This ensures that no customer’s service data becomes accessible to another customer.

Data retention and disposal

We hold your data in the Bold Reports cloud application as long as you choose to use Bold Reports Services. Once you terminate your Bold Reports cloud application, your data will be deleted from the Bold Reports cloud based on the following scenarios:

  • If you’re unpaid for 60 days, we will terminate your account after giving you prior notice and an option to back-up your data.
  • If you requested deletion before the end of the trial period, your data will be deleted after 15 days, with prior notice given to you.
  • If you requested deletion after the end of the trial period, your data will be deleted the day after your request.

Application security

Bold Reports cloud uses the following encryption methods to secure information such as user passwords and database details:

  • Rijndael Encryption (256 bits)
  • RSA Cryptography (1024 bits)
  • AES Cryptography (128 bits)

Secure by design

Every change and new feature is governed by a change management policy to ensure all application changes are authorized before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines and screening of code changes for potential security issues with our code analyzer tools, vulnerability scanners, and manual review processes.

People processes

The Bold Reports security team has years of experience in operating data centers and continually improves our processes over time. Employee access is logged and passwords are strictly regulated. We limit data access to only a few employees who need such access to provide support and troubleshooting on our customer’s behalf.

Disaster recovery and business continuity

Backups of Bold Reports Cloud workloads can be scheduled periodically for both application data and cluster state data which can be useful for disaster recovery, CI/CD pipelines, cloning workloads, or upgrade scenarios. The cloud database will have the backup of the last seven days data by default. We can restore this to a new cluster at any time.

Network Security

Bold Reports cloud relies on GCP network security, and its infrastructure helps protect your data against the most sophisticated electronic attacks. Bold Reports cloud provides the following network security measures.

Secure transit

Every piece of data transmitted to the servers over public networks is protected using strong encryption protocols. We mandate that all connections to our servers use Transport Layer Security (TLS 1.2) encryption with strong ciphers for all connections, including web access, API access, and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection and by encrypting the data to be transferred.

Client to Bold Reports Cloud

The Bold Reports cloud is configured with the HTTPS protocol, and we are also using the HTTP/2 protocol for encrypted connections, thereby increasing user and application security. The Bold Reports cloud application is configured with SSL; all content and communications between clients are encrypted using SSL, and the HTTPS protocol is used for requests and responses.

Bold Reports with HTTPS is secured using the Transport Layer Security protocol, which provides three key layers of protection:

  • Encryption: Encrypts the exchanged data to keep it secure from eavesdroppers.
  • Data integrity: Ensures data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  • Authentication: Proves that your users are communicating with the intended website.

Resource access REST API

Bold Reports Cloud makes internal API calls to access resources on the web using a secure connection. Bold Reports Cloud only accepts connections that use TLS 1.2 (Transport Layer Security) or above encryption.

Bold Reports cloud to database

The Bold Reports cloud database contains the most important data, as it connects to the database using an SSL connection, which offers encrypted data transfer between the application and the database. The Bold Reports cloud database has been configured and protected on GKE using a firewall that only allows access from the same GKE environment.

Application monitoring

Logging and monitoring

We are using Exceptionless, which monitors and analyzes information gathered from services, internal network traffic, and usage of devices and terminals. We record this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are stored on a secure server, isolated from full system access, to manage access control centrally and check availability in the GCP.

Stripe payment gateway

Cards are one of the most popular ways to pay online due to their broad global reach. We use the Stripe Payment Gateway for our SaaS business, which is an excellent software platform for running an internet business. The Stripe Payment Gateway has been integrated using the Stripe APIs and their client libraries.

We obtain the card details, encrypt them with secure encryption keys, and send them to Stripe for payment processing. We assure you that we do not store and cannot see your card details from our side. Your card details are handled only by Stripe Payment Gateways.

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

Open source component usage

The Bold Reports SaaS product includes various open source components. These components are licensed under the terms of applicable open source license agreements. Our legal team verifies and approves the use of these components in the Bold Reports cloud application. The usage of these components is revisited and reviewed before every release.