Hi everyone,
I run a SaaS platform that helps businesses better manage, operate, and analyze their processes. They enter a lot of confidential data like vendors, customers, price lists, etc... in my app. This info if leaked can make or break a business.
We have necessarily checks in the backend which authorize users before they can access something.
However, on the database side, how can I block access to users' data even for myself while still being able to query on metadata? Is it possible to do this? If not, what's the right solution to respect users' privacy?
You can also look at user-specific encryption on the client side. Libraries like PGP, TweetNaCl can help. Also DID solutions offered by Magic Link.
Offer a self-hosting option. Sell licenses and support.