Skip to main content


Data we collect and store

Supaglue is open source, but Supaglue Cloud provides a hosted version of the software. This means that the following types of data are collected and stored by Supaglue in order to provide our services:

  • Account metadata (company name, payment plan, etc.)
  • User account data (email, avatar, group membership, etc.)
  • Connection metadata (task names, description, parameters, etc.)
  • Resource metadata (database connection information)
  • Usage analytics data (URLs of pages visited, etc.)
  • Logs and output produced by syncs, API calls, and other operations that are run through Supaglue

Infrastructure and network security

Security is a top priority for us and we take the following measures to keep your data and account secure.


Supaglue is hosted on Amazon Web Services (AWS) and all of our AWS servers are located in the United States. AWS data centers have state-of-the-art physical access controls, logical access controls, and frequent third-party independent audits. Amazon has published a detailed security whitepaper outlining these measures.

Supaglue employees have audited and as-needed access to infrastructure on AWS. All employees have dedicated user accounts and access infrastructure via two-factor authentication.

SOC 2 Compliance

Supaglue is SOC 2 compliant. This means that we regularly conduct background checks of new employees, have all employees go through security awareness training, and more. To access our SOC 2 report, please email us at


All data in transit is encrypted over HTTPS/TLS between you and Supaglue's servers. All data at rest is stored encrypted and replicated for durability.

Application security

Two-factor authentication and single sign-on

Supaglue currently supports G Suite signon, allowing customers to enforce that users sign in using customer-managed identity providers.

G Suite SSO is restricted to domain(s), so that customers can ensure users only sign in using customer-managed G Suite accounts.

Two-factor authentication for application login can be enforced at the identity provider level (e.g. by turning it on within G Suite).

How to report vulnerabilities

You can email with details on any security vulnerabilities you discover.