Data and object storage

All relational databases are developed using PostgreSQL, a free and open-source relational database management system known for its extensibility and SQL compliance. Fully managed AWS RDS instances are used to simplify the setup, operation, scaling and high availability of platform databases.

AWS S3 buckets are used for resilient file and object storage.

Production databases and object stores are encrypted at rest using the AES-256 encryption algorithm. All automated backups and snapshots are stored encrypted. Encryption keys are protected by hardware security modules validated by the FIPS 140-2 Cryptographic Module Validation Program.

Data hardening best practices are followed, including:

  • database servers are not remotely accessible and can only be accessed from clients on our internal subnet
  • no personally identifiable data is stored on non-production environments
  • access to key systems is protected using multi-factor authentication and access is restricted following the least privilege principle