Security at Airtable

Airtable was founded on the belief that software shouldn’t dictate how you work—you should dictate how it works. The real-time collaborative Airtable platform empowers people to design a near-infinite number of useful apps of their own, without ever having to learn how to code. From collaborative editorial planning, to managing global marketing campaigns, to powering the entire back office of an organization, Airtable is empowering non-technical workers from all walks of life to rethink decades-old business practices in every industry imaginable.

The flexibility of Airtable enables a range of sensitive and mission-critical use cases. As such, we consider privacy and security to be core functions of our platform, as well as foundational requirements for all new feature development. Earning and keeping the trust of our users is our top priority, so we hold ourselves to the highest privacy and security standards.

When you visit the Airtable website or use one of the Airtable apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Airtable encrypts data using AES-256.

Airtable servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Airtable’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

Airtable utilizes industry-leading Amazon Web Services (AWS) hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Airtable maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Airtable implements extensive service monitoring, and our operations team is on call 24x7x365.

Within the Airtable product, collaborator permissions can be managed at the workspace level or the base level. These permissions allow you to control who you share a workspace or base with and whether they can modify the workspaces or bases that you’ve shared with them. Airtable also enables you to restrict access to a base or view share link with a password or with an email domain.

Airtable also provides record-level revision history that shows a visual activity feed of the changes made to each record.

Airtable recommends enabling two-factor authentication (2FA) for your account if you’re using password-based authentication. For more details and instructions to configure 2FA, please see our docs.

Airtable supports SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan. Additional information is available here.

Airtable vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

Airtable maintains separate production and testing environments.

Airtable operates a “bug bounty” program to work with the security community in identifying potential issues.

Airtable runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Airtable commissions external penetration tests on a regular basis.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Airtable.

Your data is yours. Airtable does not sell or rent any customer information or information provided to the service. For more information, please review our Privacy Policy.

At any time, you may export data from Airtable to CSV files or by using the Airtable API.

If you believe you've discovered a security-related issue, please report the issue on our HackerOne bug bounty program or contact us at security@airtable.com.